Term
|
Definition
- Uses a shared key available to all users |
|
|
Term
|
Definition
- individual combinations of public and private keys for each user |
|
|
Term
What are the forms of alteration |
|
Definition
- intentional alteration by a third party
- intentional deletion of portions of the data
- unintentional alteration by faults in the transmission process |
|
|
Term
|
Definition
- Represented by "P"
- A message before it's put into a coded form |
|
|
Term
|
Definition
- Represented by "C"
- A message after it is encrypted |
|
|
Term
|
Definition
A set of rules, usually mathematical, that dictates how enciphering and deciphering processes take place |
|
|
Term
|
Definition
- also known as Kerckhoffs's assumption
- Cryptographic systems should be secure even if everything about the system, except the key, is public knowledge
- "The enemy knows the systems" |
|
|
Term
Private Key Cryptosystems |
|
Definition
|
|
Term
|
Definition
Each participant has their own pair of keys |
|
|
Term
|
Definition
- Federal Information Processing Standard (FIPS) 140-2 "Security Requirements for Cryptographic Modules"
- Defines the hardware and software required for cryptographic modules that the federal government uses
|
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
Represented by ! or ~
X !X |
|
|
Term
|
Definition
Exclusive OR, XOR
Output is 1 only when 1 of the values is 1. (both 1 = 0, both 0 = 0)
The symbol is a circle with a + inside
X Y output
0 0 0
0 1 1
1 0 1
1 1 0 |
|
|
Term
|
Definition
- The remainder left over after division
- Represented by % or the abbreviation mod
|
|
|
Term
|
Definition
A mathematical operation that easily produces output values for each possible combination of inputs, but makes it impossible to retrieve the input values |
|
|
Term
|
Definition
A random number that acts as a placeholder variable in mathematical functions |
|
|
Term
|
Definition
- Initialization Vector (IV)
- a random bit string that is the same length as the block size and is XORed with the message
- IVs are used to create unique ciphertext every time the same message is encrypted using the same key |
|
|
Term
|
Definition
- prove your knowledge of a fact to a third party without revealing the fact itself to that third party.
- Often done with passwords and other secret authenticators |
|
|
Term
|
Definition
- Single solution that contains the separation of duties and the two-person control
|
|
|
Term
|
Definition
- a.k.a. work factor
- the time and effort required to perform a complete brute-force attack against an encryption system |
|
|
Term
|
Definition
Words or phrases that represent something such as 10-4 |
|
|
Term
|
Definition
- always meant to hide the true meaning of the message
- use techniques to alter and/or rearrange the characters or bits of a message
- Ciphers convert plaintext to ciphertext on a bit basis, character basis (ASCII), or block basis (fixed-length message) |
|
|
Term
|
Definition
- Rearrange the letters of a plaintext message
- Columnar transposition is a form of this |
|
|
Term
|
Definition
- Replaces each character or bit of the plaintext message with a different character
- ROT3 cipher used by Caesar
- Vigenere cipher |
|
|
Term
|
Definition
- Examination of frequency based on the repeated use of the key |
|
|
Term
|
Definition
- Extremely powerful type of substitution cipher
- use a different substitution alphabet for each letter of the plaintext message
- a.k.a. Vernam ciphers after Gilbert Sandford Vernam of AT&T Labs
- When used properly, they are unbreakable encryption |
|
|
Term
|
Definition
- a.k.a. Book Cipher
- Encryption key is as long as the message itself and is often chosen from a common book |
|
|
Term
|
Definition
- Operate on chunks or blocks of a message and apply the encryption to an entire message block at the same time.
- Most modern encryption algorithms implement some type of block cipher |
|
|
Term
|
Definition
- Operate on one character or bit of a message (or data stream) at a time.
- Stream Ciphers can also function as a type of block cipher with a buffer that fills up real-time and then encrypts as a block |
|
|
Term
|
Definition
- Occurs when the relationship between the plaintext and the key is so complicated that an attacker can't merely continue altering the plaintext and analyzing the resulting ciphertext to determine the key. |
|
|
Term
|
Definition
- Occurs when a change in the plaintext results in multiple changes spread throughout the ciphertext |
|
|
Term
Asymmetric Key Algorithms |
|
Definition
- a.k.a Public Key Algorithms
- provide a solution to the weaknesses of symmetric key encryption
- each user has 2 keys: a public key, shared with users, and a private key, that is kept secret
- opposite and related keys must be used in tandem to encrypt and decrypt. In other words, if the public key encrypts, then only the corresponding private key can decrypt and vice versa.
- Provide support for digital signatures |
|
|
Term
Formula for number of symmetric keys |
|
Definition
Number of keys = N(N-1) / 2 |
|
|
Term
Strengths of asymmetric key cryptography |
|
Definition
- Addition of new user requires generation of 1 public-private key pair
- Users can be removed far more easily from asymmetric systems
- Key regeneration is required only when a private key is compromised
- can provide integrity, authentication, and nonrepudiation
- key distribution is a simple process
- No preexisting communication link needs to exist
|
|
|
Term
|
Definition
- Cases where a hash function produces the same value for two different methods |
|
|
Term
|
Definition
- Data Encryption Standard (DES)
- Triple DES (3DES)
- International Data Encryption Algorithm (IDEA)
- Blowfish
- Skipjack
- Advanced Encryption Standard (AES) |
|
|
Term
|
Definition
- Data Encryption Standard (DES)
- 64-bit block cipher
-- 64 bits of plaintext at a time to generate 64-bit blocks of ciphertext. Uses XOR operations to generate ciphertext.
-- 56-bit key
- Five modes of operation
-- Electronic Code Book (ECB) mode
-- Cipher Block Chaining (CBC) mode
-- Cipher Feedback (CFB) mode
-- Output Feedback (OFB) mode
-- Counter (CTR) mode |
|
|
Term
Electronic Code Book mode |
|
Definition
- DES
- continues to encrypt using the 64-bit block (56-bit plus parity bits) and repeat
- vulnerable because it repeats |
|
|
Term
Cipher Block Chaining mode |
|
Definition
- Cipher Block Chaining (CBC) mode of DES
- each block of unencrypted text is XORed with the block of ciphertext immediately preceding it before it is encrypted using the DES algorithm
- reverse the XOR to decrypt
- CBC implements an Initialization Vector (IV) and XORs it with the first block of the message, producing a unique output every time |
|
|
Term
|
Definition
- Cipher Feedback (CFB) mode of DES
- streaming cipher version of CBC
- operates in real-time |
|
|
Term
|
Definition
- Output Feedback Mode (OFB) mode of DES
- almost the same as CFB mode.
- DES XORs the plaintext with a seed value
- For the first encrypted block, an initialization vector is used to create the seed value |
|
|
Term
|
Definition
- Counter Mode (CTR) of DES
- Uses a simple counter that increments for each operation
- Allows you to break an encryption or decryption operation into multiple independent steps making this well suited for parallel computing |
|
|
Term
|
Definition
- Triple DES (3DES)
- 4 modes
-- DES-EEE3 - three encrypt ops & 3 keys used
-- DES-EDE3 - encrypt decrypt encrypt & 3 keys used
-- DES-EEE2 - three encrypt ops & 2 keys used
-- DES-EDE2 - encrypt decrypt encrypt & 2 keys used
-- Effective key length 112-bits
|
|
|
Term
|
Definition
- International Data Encryption Algorithm (IDEA)
- 64-bit block cipher
- begins operation with 128-bit key
- Key broken up into (52) 16-bit subkeys
- Capable of operating in the same 5 modes as DES: ECB, CBC, CFB, OFB, CTR
- One popular implementation of IDEA is Pretty Good Privacy (PGP) |
|
|
Term
|
Definition
- 64-bit block cipher
- allows variable-length keys from 32 to 448 bits
- Much faster algorithm than IDEA and DES
- no license required; released for public use
- Blowfish is often used in SSH |
|
|
Term
|
Definition
- Approved by US Govt in Federal Information Processing Standard (FIPS) 185, the Escrowed Encryption Standard (EES)
- 64-bit blocks of text and uses 80-bit key
- Capable of operating in the same 5 modes as DES: ECB, CBC, CFB, OFB, CTR
- Supports escrow of encryption keys: NIST and Dept of Treasury hold a portion of the information required to reconstruct a Skipjack key
|
|
|
Term
|
Definition
- Rivest Cipher 5 (RC5) patented by Rivest-Shamir-Adleman
- symmetric algorithm
- Block cipher with sizes of 32, 64 or 128 bits
- Key size 0 - 2040 bits |
|
|
Term
|
Definition
- Advanced Encryption Standard (AES)/Rijndael block cipher
- NIST chose AES to replace DES in Oct 2000
- FIPS 197 mandated use of AES
- AES cipher allows key strengths 128, 192, 256 bits, but AES only allows the processing of 128-bit blocks
- Rijndael exceeded AES allowing block size equal to key length
- number of encryption rounds depends on the key length chosen
|
|
|
Term
|
Definition
- Block cipher
- 128-bit blocks of data
- can use keys up to 256-bit
- prewhitening involves XORing with separate subkey before 1st round of encryption
- postwhitening uses similar operation after the 16th round of encryption |
|
|
Term
|
Definition
- Security measures to take extraordinary measures to protect the security of the keying material
- Offline distribution, Public Key Encryption, Diffie-Hellman |
|
|
Term
|
Definition
- One-time pad
- use a different substitution alphabet for each letter of the plaintext message |
|
|
Term
|
Definition
- Common Criteria
- structured methodology for documenting security requirements, validating security capabilities
- "protection profiles" and "security targets" |
|
|
Term
|
Definition
- Systems Security Engineering - Capability Maturity Model (SSE-CMM) |
|
|
Term
Common public key cryptosystems |
|
Definition
- Rivest-Shamir-Adleman (RSA)
- El Gamal
- elliptic curve cryptography (ECC) |
|
|
Term
Common Hashing Algorithms |
|
Definition
- secure hash algorithm (SHA)
- message digest 2 (MD2)
- message digest 4 (MD4)
- message digest 5 (MD5)
- hash message authentication code (HMAC)
- hash of variable length (HAVAL) |
|
|
Term
|
Definition
- Federal Information Processing Standard (FIPS) 180
- Secure Hash Standard (SHS)
- specifies Secure Hash Algorithm (SHA) and successors SHA-1, SHA-2, and SHA-3 |
|
|
Term
|
Definition
Four variants: SHA-256, SHA-224, SHA-512, SHA-384
SHA-256 & SHA-224: 512-bit block size
-- SHA-256 produces 256-bit message digest
-- SHA-224 produces 224-bit message digest; truncated version of SHA-256
SHA-512 & SHA-384: 1,024-bit block size
-- SHA-512 produces 512-bit message digest
-- SHA-384 produces 384-bit message digest; truncated version of SHA-512 |
|
|
Term
|
Definition
- Hashed Message Authentication Code (HMAC)
- partial digital signature
- guarantees integrity during transmission
- does not provide nonrepudiation
- shared secret key |
|
|
Term
Core principles of PKI and digital signatures |
|
Definition
- Use your PRIVATE KEY to:
-- Decrypt a message sent to you
-- Sign a message you are sending to someone else
- Use the other person's PUBLIC KEY to:
-- Encrypt a message to someone else
-- Verify the signature on a message sent by someone else
|
|
|
Term
|
Definition
- Digital Signature Standard (DSS)
- Fed Govt must use SHA-3 hashing functions
- 3 keys approved for digital signatures
-- Digital Signature Algorithm (DSA) - FIPS 186-4
-- RSA - ANSI X9.31
-- Elliptic Curve DSA (ECDSA) - ANSI X9.62
|
|
|
Term
|
Definition
- International standard that specifies digital certificates identifying information and their construction
-- serial number
-- algorithm identifier
-- issuer
-- valid period
-- subject's name (Distinguished name - DN)
-- subject's public key
|
|
|
Term
|
Definition
- Certificate Authority (CA)
- glue that binds PKI together
- notarization services for digital certificates |
|
|
Term
|
Definition
- Registration authorities (RA)
- assist CAs with the burden of verifying users' identities
|
|
|
Term
|
Definition
- Certificate Revocation List (CRL)
- Most common method of checking certificate status |
|
|
Term
|
Definition
- Online Certificate Status Protocol (OCSP) |
|
|
Term
|
Definition
- Hardware Security Modules (HSM)
- an external TPM
- Store and manage encryption keys in a secure manner that prevents humans from ever needing to work directly with the keys |
|
|
Term
|
Definition
- Trusted Platform Module (TPM)
- Specialized encryption that resides on the motherboard of the device
- Purpose to store and manage keys used for full disk encryption (FDE) |
|
|
Term
|
Definition
- Need confidentiality - encrypt the message
- Need integrity - hash the message
- Need authentication, integrity, and/or nonrepudiation - digitally sign the message
- Need confidentiality, integrity, authentication, and nonrepudiation - encrypt and digitally sign the message
** Responsibility of the sender |
|
|
Term
|
Definition
- Secure/multipurpose internet mail extensions (S/MIME)
- protocol emerged as standard for encrypted email
- uses RSA
- relies on X.509 certificates for exchanging keys
- supports AES and 3DES
|
|
|
Term
|
Definition
- Secure Socket Layer (SSL)
- HTTPS uses port 443
- relies on exchange of server digital certificates between browser and web server
- PKI |
|
|
Term
|
Definition
- Transport Layer Security (TLS)
- proposed replacement for SSL
- HTTPS over TLS uses TCP port 443
- Padding Oracle on Downgraded Legacy Encryption (POODLE) exploited TLS ability to fall back to SSL. TLS dropped SSL support |
|
|
Term
|
Definition
- using cryptographic techniques to embed secret messages within another message
- modifies least significant bits that make up image files |
|
|
Term
|
Definition
- Digital Rights Management (DRM)
- software used to enforce copyright on digital media
|
|
|
Term
|
Definition
- encrypts all traffic at one end of the tunnel and decrypts at the other end of the tunnel
- data circuit
- all data, including the header, trailer, address, and routing data is also encrypted
- each packet has to be decrypted at each hop so it can be properly routed to the next hop and then re-encrypted before it can be sent along its way, which slows the routing
|
|
|
Term
|
Definition
- e.g. TLS, SSH
- does not encrypt the header, trailer, address, and routing data so it moves faster from point to point, but is more susceptible to sniffers and eavesdroppers |
|
|
Term
|
Definition
- Internet Protocol Security (IPsec) standard
- standard architecture set forth by the Internet Engineering Task Force (IETF) for setting up a secure channel between 2 entities
- uses PKI
- primarily used for VPNs
- can operate in transport or tunnel mode
- commonly paired with Layer 2 Tunneling Protocol (L2TP) as L2TP/IPsec |
|
|
Term
|
Definition
- Authentication Header (AH)
- provides message integrity and nonrepudiation
- prevents replay attacks
|
|
|
Term
|
Definition
- Encapsulating Security Payload (ESP)
- provides confidentiality and integrity of packet contents
- prevents replay attacks |
|
|
Term
|
Definition
- Transport mode - only the packet payload is encrypted
-- designed for peer-to-peer communication
- Tunnel mode - entire packet, including header, is encrypted
-- designed for gateway-to-gateway communications |
|
|
Term
|
Definition
- Security Associations (SA)
- you set up an IPsec session by creating a SA
- The SA represents the communication session and records any configuration and status information about the connection
- SA represents a simplex connection
- 2-way, 2 SAs
- bi-directional channel using AH and ESP will need 4 SAs |
|
|
Term
|
Definition
- Internet Security Association and Key Management Protocol (ISAKMP)
- background security support for IPsec
- negotiates, establishes, modifies, and deletes security associations
- SAs are managed through ISAKMP
4 requirements in RFC 2408
- Authenticate communicating peers
- Create and manage associations
- Provide key generation mechanisms
- Protect against threats
|
|
|
Term
|
Definition
- Wired Equivalent Privacy (WEP)
- Wireless networking
- provides 64- and 128- bit encryption options
- WEP described in IEEE 802.11 as optional
- significant flaw; should never use on wireless network |
|
|
Term
|
Definition
- WiFi Protected Access (WPA)
- improves on WEP by implementing the Temporal Key Integrity Protocol (TKIP)
|
|
|
Term
|
Definition
- Improvement on WPA that adds AES. |
|
|
Term
|
Definition
- Flexible framework for authentication and key management in wired and wireless networks
- client runs SUPPLICANT software
- Supplicant communicates with server
- Authentication allows client access to network
- WPA was designed to interact with 802.1x authentication servers
|
|
|
Term
|
Definition
Analytic Attack - algebraic manipulation attempts to reduce complexity of algorithm
Implementation Attack - Exploits weaknesses in implementation of system; focuses on software code
Statistical Attack - Exploits statistical weaknesses in cryptosystem such as floating-point errors and inability to produce truly random numbers
Brute Force - Attempts every possible combination for a key or password. 2 modifications increase effectiveness:
-- Rainbow tables - commonly used for cracking passwords
-- Specialized, scalable computing hardware |
|
|
Term
Requirements of hash function |
|
Definition
5 requirements
- must allow input of any length
- provide fixed-length output
- relatively easy to compute
- one-way functionality
- collision free |
|
|
Term
How to generate digital signature |
|
Definition
1. use hashing function to generate message-digest
2. encrypt the digest with your private key
3. verify the digital signature on a message
4. decrypt the signature with the sender's public key
compare the message digest to one you generate yourself. If they match, the message is authentic |
|
|
Term
|
Definition
- maintains a row of security attributes for each controlled object (asset) managed through the model |
|
|
Term
|
Definition
provides a way for the designer of a system to correlate abstract statement into a security policy that will define an explicit set of rules allowing a computer to implement the fundamental concepts of the policy |
|
|
Term
|
Definition
a permanent part of the object it references |
|
|
Term
|
Definition
- Important concept in multilevel security systems, ensuring that data existing at one security level is not visible to a process running at a different security level |
|
|
Term
|
Definition
- Ensures that all security controls remain in place in the event of a crash |
|
|
Term
|
Definition
- Entry point into a system known only to the developer of the system (backdoor) |
|
|
Term
|
Definition
Occur in slow, gradual fashion. Types:
-- a. Data Diddling - attacker makes small, random changes to data to hide their activity
-- b. Salami attack - small transactions deducting tiny financial amounts from lots of accounts
|
|
|
Term
|
Definition
- Trusted Computing Base (TCB)
- The totality of the hardware, software, and firmware that contains all elements of the system responsible for supporting the security policy and the isolation of objects. When activated it provides a Trusted Path for communication and a Trusted Shell for activity |
|
|
Term
|
Definition
- The reference monitor ensures that any subject attempting to access any object has the appropriate rights and protects objects from unauthorized access.
|
|
|
Term
|
Definition
- Made up of all the components of the TCB.
- Responsible for implementing and enforcing the reference monitor.
- Responsible for enforcing a security policy.
|
|
|
Term
|
Definition
- Completeness (complete mediation) - all access to information goes through the kernel
- Isolation - the kernel is protected from unauthorized access
- Verifiability - the kernel must be proven to meet design specifications
|
|
|
Term
|
Definition
- processor
- memory
- storage |
|
|
Term
|
Definition
1. fetching
2. decoding
3. executing
4. storing |
|
|
Term
Processor Privilege States |
|
Definition
- Protect the processor and the activities that it performs.
- Many operating systems use two processor access modes:
1. User (or process, problem, or program) mode - processor limits access to system data and hardware granted to the running process
2. Kernel (or supervisor) mode - processor is operating at the highest privilege level on the system, and this allows the process running in the supervisor state to access any system resource (data and hardware) and execute both privileged and non-privileged instructions |
|
|
Term
|
Definition
- Discrete layers that control interactions between more privileged and less privileged processes on the system.
- ring protection |
|
|
Term
|
Definition
- Three most common methods used to achieve memory protection are:
-- 1. Segmentation - dividing memory into segments. A reference to memory location includes a value that identifies a segment and an offset within that segment
-- 2. Paging - divides the memory address space into equal-sized blocks called pages. A page table maps virtual memory to physical memory.
-- 3. Protection keying - divides physical memory up into blocks of a particular size, each with an associated numerical value called a protection key. Each process also has a protection key value associated with it. When memory is accessed, the hardware checks that the current process's protection key matches the value associated with the memory block being accessed. If not, then an exception occurs.
|
|
|
Term
|
Definition
- Symmetric multiprocessing
- system that shares common operating system, data bus, and memory resources
|
|
|
Term
|
Definition
- systems that house hundreds or thousands of processors, each with its own operating system, memory and bus resources |
|
|
Term
|
Definition
- takes place on mainframes
- queue of processes
- when one process waits for a peripheral, state is saved and the next process continues
- first process continues when all other processes have chance to execute |
|
|
Term
|
Definition
- multiple concurrent tasks performed within a single process
- Threads are self-contained sequences of instructions that can execute in parallel with other threads that are part of the same parent process
|
|
|
Term
|
Definition
- require policy mechanisms to manage info at different levels
- admins approve system and processor to handle only one security level at a time |
|
|
Term
|
Definition
- capable of much higher level of security (compared to single-state systems)
- these systems are certified to handle multiple security levels simultaneously by using specialized security mechanisms.
- mechanisms prevent info from crossing between security levels
|
|
|
Term
|
Definition
** Priority, privilege, and memory segmentation
- Organize code and components in an operating system into concentric rings
- the deeper inside, the higher the privilege level
- modern O/S = 4 rings (0-3)
- originally designed in multics O/S - 7 rings (0-6)
- 0 is highest
|
|
|
Term
|
Definition
- the part of an operating system that always remains resident in memory so that it can run on-demand at any time.
- it occupies ring 0 and can preempt code running at any other ring
|
|
|
Term
Protection rings description |
|
Definition
(Rings 0-2 run in supervisory or privileged mode)
Ring 0 - OS Kernel/memory (Resident components)
Ring 1 - Other OS components
Ring 2 - Drivers, protocols, etc.
(Ring 3 runs in user mode)
Ring 3 - User-level programs and applications
|
|
|
Term
|
Definition
- processes in higher-numbered rings must generally ask a handler or a driver in a lower-numbered ring for services they need |
|
|
Term
|
Definition
- kernel mode (for rings 0-2)
- user mode (ring 3) |
|
|
Term
|
Definition
- a process in a ring that requests access to resources that are above its authorization (e.g. process in ring 2, asking for ring 1 resources) |
|
|
Term
|
Definition
- a.k.a. operating states
- Supervisor - privileged, all-access
- Running/Problem - user mode, all requests checked for authorization
- Ready - process is ready to run or resume as soon as it's scheduled for execution
- Waiting - waiting for a resource
- Stopped - process finishes or must be terminated (resource not available, error)
|
|
|
Term
|
Definition
- Dedicated - requires user clearance, access approval, and need to know for all info on system
- System High - similar to dedicated, users have access to some info, but not necessarily all info processed by system
- Compartmented - clearance for all info, approval for info user will have access to, must have need to know
-- Compartmented mode workstations (CMW) - users with necessary clearances can process multiple compartments of data at the same time
- Multilevel - users not cleared for all info processed by system (different clearances). subjects clearance level dominated objects' sensitivity level
|
|
|
Term
|
Definition
- User mode - CPU allows the execution of only a portion of its full instruction set, designed to protect users from accidental damage or malicious users
- Privileged mode - full range of instructions supported by the CPU (supervisory mode, system mode, kernel mode)
- well-designed operating systems do not let any user application execute in privileged mode |
|
|
Term
|
Definition
|
|
Term
|
Definition
- no other process is able to interact with the internal programming code of the process |
|
|
Term
|
Definition
- processes use resources according to a schedule |
|
|
Term
Virtual address memory mapping |
|
Definition
- each process has its own memory space as it executes
-- a. abstraction level for programmers
-- b. maximize performance with limited memory (physical RAM)
-- c. protect O/S and apps loaded into memory |
|
|
Term
Memory Manager has what responsibilities? |
|
Definition
1. Relocation - move, swap
2. Protection - access control for memory segments
3. Sharing - multiple users with different access interact with a process
4. Logical organization - segmentation of all memory types providing addressing scheme at an abstraction level
5. Physical organization - segmentation of physical memory |
|
|
Term
|
Definition
- Allow O/S to make sure a process is only able to interact with memory segments assigned to it
-- 1. Base Register - beginning address assigned to process
-- 2. Limit Register - ending address assigned to process |
|
|
Term
Memory Protection Methods |
|
Definition
1. all system-wide data structures and memory pools can be used only in kernel mode
2. Each process has separate, private address space protected from other processes - Address Space Layout Randomization (ASLR)
3. H/w or s/w controlled memory protection r/w access. Commonly referred to as Data Execution Prevention (DEP)
4. Access Control Lists to protect shared memory objects
|
|
|
Term
|
Definition
- Address Space Layout Randomization (ASLR)
- Memory protection |
|
|
Term
|
Definition
- Data Execution Prevention (DEP)
- Memory Protection |
|
|
Term
|
Definition
- holds data not currently being used by the CPU
- used when data must be stored for extended periods |
|
|
Term
|
Definition
- storing part of the data on secondary storage |
|
|
Term
|
Definition
- a.k.a. Main Memory or Primary Memory
- largest RAM storage
-- Static RAM - Flip-flops
-- Dynamic RAM - capacitors |
|
|
Term
|
Definition
- CPU onboard memory directly accessible to Arithmetic Logic Unit (ALU)
- part of the ALU itself
- operates at CPU speeds |
|
|
Term
Types of memory addressing |
|
Definition
Referring to various memory locations
- Register- CPU registers
- Immediate - a way to refer to data supplied to CPU as part of an instruction
- Direct- CPU is provided actual address of memory to access
- Indirect- CPU accesses memory that contains another memory address
- Base+Offset- uses a value stored in a CPU register as the base location to begin counting. Adds offset to base address and retrieves the operand from computed address
|
|
|
Term
|
Definition
- Focus on defining allowed interactions between subjects and users at a particular moment in time.
-- State Machine Model -
-- Information Flow Models -
-- Matrix-based Models -
-- Take-Grant Model -
-- Multilevel Lattice Models -
-- Noninterference Models -
|
|
|
Term
|
Definition
- Based on definition of a Finite State Machine (FSM)
- The role of time in a state model is very important
- System's secure state can only change at distinct points in time, such as when an event occurs
- At initial startup, the system checks to determine if it is in a secure state
- transition only from one secure state to another secure state, determined by a security policy
- always enforcing security policy rules |
|
|
Term
|
Definition
- Focus on how information is or is not allowed between objects
- "Do not disturb"
- Used to ID potential covert channels
|
|
|
Term
|
Definition
- access control matrix is a 2-dimensional table that indicates the actions that subject can perform on objects.
- Columns are Access Control Lists (ACL) (e.g. define r/w access for Mike) |
|
|
Term
|
Definition
- set of rules to enforce how rights can be passed from one subject to another or from a subject to an object
-- Take rule allows a subject to take rights
-- Grant rule allows a subject to grant rights |
|
|
Term
Multilevel Lattice Models |
|
Definition
- Strict layers of rules that allow/disallow interactions between subjects/objects based on the layers they are in
- Subject/object interaction
-- security labels attached to all subject/objects
-- clearance of subject compared to clearance of object
-- look at what the subject wants to do and determine if access should be allowed |
|
|
Term
|
Definition
- Addresses interactions between subjects/objects
- Also deal with the effects of covert channels that may leak information
- Goal of this model is to help ensure that high-level actions (inputs) do not determine what low-level users can see (outputs) |
|
|
Term
|
Definition
- CONFIDENTIALITY
-- simple security property - can not read info that is at a higher security level; NO READ UP
-- * (star) security property; can not write down information to lower security level; NO WRITE-DOWN
-- discretionary security property - uses access matrix to enforce discretionary access control
-- Exception - "trusted subject" can violate star security property to declassify or reclassify an object
- Any breach of simple or star security, No confidentiality
|
|
|
Term
|
Definition
- INTEGRITY
- like Bell Lapadula, requires all subject/objects classified with labels
-- prevent modifications of objects by unauthorized subjects, & unauthorized mods of objects by authorized subjects
-- protect internal and external object consistency
Properties:
a. Simple Integrity Property - subject can't read an object at a lower integrity level - NO READ DOWN
b. * (star) Integrity Property - Subject can't modify an object at a higher integrity level - NO WRITE UP
- Doesn't address access control, protection from external threats, or prevent covert channels
- Does not provide a way to classify level of subject/object |
|
|
Term
|
Definition
- INTEGRITY !!! (only)
- Define each data item and allow modification only through a small set of programs
- 3 part relationship: Subject | Transaction (program) | Object
- Items & procedures
-- Constrained Data Item (CDI) - Data protected by model
-- Unconstrained Data Item (UDI) - Data not protected by model
-- Integrity Verification Procedure (IVP) - Scanning items to ensure integrity
-- Transformation Procedures (TPs) - ONLY procedures allowed to mod CDI
Three goals:
1. Preventing unauthorized users from making modifications to data/programs
2. Preventing authorized users from making improper or unauthorized modifications
3. Maintaining internal and external consistency of data and programs
|
|
|
Term
|
Definition
- Chinese Wall
- Focuses on conflict of interest |
|
|
Term
|
Definition
- INTEGRITY !!!
- Not as well known as Biba
- Credited with defining the concepts of noninterference
- Predetermination of a list of objects that a subject can access
|
|
|
Term
|
Definition
- INTEGRITY!!
- Focuses on preventing interference to support integrity
- based on state machine and information flow
- predetermined secure states
|
|
|
Term
|
Definition
- 8 primary rules
- Access control Matrix |
|
|
Term
Harrison-Ruzzo-Ullman Model |
|
Definition
- Similar to Graham-Denning
- Set of generic rights and a finite set of commands
- concerned with situations in which a subject should be restricted from gaining particular privileges |
|
|
Term
|
Definition
Basic Input/Output System |
|
|
Term
|
Definition
- Unified Extensible Firmware Interface
- Replaced traditional BIOS since 2011
|
|
|
Term
|
Definition
Transmission Control Protocol/Internet Protocol |
|
|
Term
|
Definition
Fully Qualified Domain Name |
|
|
Term
|
Definition
Dynamic Host Control Protocol |
|
|
Term
|
Definition
|
|
Term
|
Definition
Blocking inbound port 53 can defend against DNS attacks from the outside
- TCP 53 is used for zone transfers; includes more DNS server to DNS server communications
- UDP 53 is used for queries, which is any non-DNS system sending a query to a DNS server |
|
|
Term
|
Definition
- Data flow is the movement of data between processes, between devices, across a network, or over communication channels
|
|
|
Term
|
Definition
- Aggregation
- Inference
- Data Mining
- Data Warehousing
- Data Analytics
|
|
|
Term
|
Definition
SQL provides a number of functions that combine records from one or more tables to produce potentially useful information |
|
|
Term
|
Definition
Database Management Systems |
|
|
Term
|
Definition
Asymmetric Multiprocessing (AMP)
- processors are often operating independently of each other |
|
|
Term
|
Definition
Symmetric Multiprocessing (SMP)
- Share a common O/S and memory. The collection of processors works collectively on a single task, code, or project |
|
|
Term
|
Definition
Massive Parallel Processing (MPP) |
|
|
Term
|
Definition
Virtual Machine Monitor
- a.k.a. hypervisor |
|
|
Term
|
Definition
Platform as a Service
- Pizza delivery, instead of made at home
- Cloud provider manages cloud, network, servers, operating system, and storage
- Avoids having to purchase and maintain high-end hardware and software locally
- Vendor provides a computing platform and software solution stack as a virtual or cloud-based service |
|
|
Term
|
Definition
Infrastructure as a Service
- Take and Bake pizza, instead of made at home
- Consumer provisions processing, storage, networks, consumer able to run o/s, software, apps; vendor manages underlying cloud infrastructure
- Vendor takes care of cloud systems that allow the scale-up of new software or data-based services/solutions through cloud systems without having to install massive hardware locally |
|
|
Term
|
Definition
Software as a Service (SaaS)
- Dining Out, instead of making pizza at home
- vendor takes care of all on-demand online access to specific software applications without a need for local installations. (e.g. Microsoft 365) |
|
|
Term
|
Definition
Backups of virtual machines
- Quick means to recover from errors or poor updates |
|
|
Term
|
Definition
Cloud Access Security Broker
- Security policy enforcement solution that may be installed on-premises or may be cloud-based
- Enforce and ensure that proper security measures are implemented between a cloud solution and a customer |
|
|
Term
|
Definition
Security as a Service (SECaaS)
- security is provided to an org through or by an online entity |
|
|
Term
|
Definition
- Functional - what the design must accomplish
- Nonfunctional - qualities of the services |
|
|
Term
Information Systems Security Evaluation Models |
|
Definition
- Security policy - documents the requirements; "What are the requirements for security?"
- Security model - specification that describes the rules to support the security policy- "How are those requirements translated into technical specifications?"
- Formal security model - describes and verifies the ability to enforce security policy in measurable terms |
|
|
Term
|
Definition
Extensible Markup Language (XML) |
|
|
Term
|
Definition
Security Association Markup Language (SAML) |
|
|
Term
|
Definition
Open Web Application Security Project (OWASP)
- nonprofit security project focussing on improving security for online or web-based applications
|
|
|
Term
|
Definition
|
|
Term
|
Definition
Structured Query Language (SQL) |
|
|
Term
|
Definition
Lightweight Directory Access Protocol (LDAP) |
|
|
Term
|
Definition
Hypertext Markup Language (HTML) |
|
|
Term
|
Definition
Trivial File Transfer Protocol |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
Host-based Intrusion Detection System (HIDS) |
|
|
Term
|
Definition
Cross-site Request Forgery (XSRF) |
|
|
Term
|
Definition
Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA) |
|
|
Term
|
Definition
Portable Electronic Device (PED) |
|
|
Term
|
Definition
Personally Owned Device (POD) |
|
|
Term
|
Definition
Near Field Communication (NFC) |
|
|
Term
|
Definition
Random Number Generator (RNG) |
|
|
Term
|
Definition
Trusted Platform Module (TPM) |
|
|
Term
|
Definition
- Deny by default
- Implicit Deny |
|
|
Term
|
Definition
- Allow by default and deny by exception |
|
|
Term
|
Definition
Company Owned, Personally Enabled |
|
|
Term
|
Definition
|
|
Term
|
Definition
Virtual Desktop Infrastructure |
|
|
Term
|
Definition
Virtual Mobile Infrastructure (VMI) |
|
|
Term
|
Definition
- System Assurance
- Verify that a system enforces the desired security goals
- Evaluate in a consistent and repeatable way and report results |
|
|
Term
|
Definition
- NIST RMF - Replaced DIACAP and DITSCAP
- Committee on National Security Systems (CNSS) Policy - replaced NIACAP
Both have a 4 step flow:
1. Definition
2. Verification
3. Validation
4. Post Accreditation |
|
|
Term
Common Technical Protection Mechanisms |
|
Definition
- Layering
- Abstraction
- Data Hiding
- Process Isolation
- Hardware Segmentation |
|
|
Term
|
Definition
- a fundamental principle behind Object-Oriented Programming
- users of an object don't need to know the details of how the object works
- They only need to know the proper syntax for using the object and the type of data that will be returned |
|
|
Term
|
Definition
- Data existing at one level of security is not visible to processes running at different security levels |
|
|
Term
|
Definition
- O/S provides separate memory spaces for each process's instructions and data
- O/S enforces boundaries |
|
|
Term
|
Definition
- prevents access of info that belongs to a different process /security level
- enforces requirements through physical hardware |
|
|
Term
|
Definition
Trusted Computer Systems Evaluation Criteria
- a.k.a. Orange book
- focused on Confidentiality
- Introduced the idea of Trusted Computing Base (TCB)
- Combines functionality and assurance rating of confidentiality
A1 - Verified protection through D - minimal protection |
|
|
Term
|
Definition
- Information Technology Security Evaluation Criteria (ITSEC)
- assignment of assurance levels |
|
|
Term
|
Definition
- ISO 15408
- standardized approach to product evaluation and provides mutual recognition of evaluations |
|
|
Term
Common Criteria (CC) structure |
|
Definition
Part 1. Introduction & General model
Part 2. Security Functional Requirements
Part 3. Security Assurance
|
|
|
Term
|
Definition
- Covert Timing Channel - alter system component timing
- Covert Storage Channel - write data to common storage area where someone else can read it |
|
|
Term
|
Definition
- A multiprocessor computer executing tasks on behalf of a multithreaded application. 2 types:
1. Symmetric (think SINGLE/Shared) multiprocessing (SMP) - a single computer that shares O/S, data bus & memory - single shared computer/machine
2. Massively Parallel (think MORE THAN ONE) Processing (MPP) - Very large collection of CPUs each with its own O/S, a data bus, and memory |
|
|
Term
|
Definition
- Allows multiple concurrent tasks to be performed within a single process |
|
|
Term
|
Definition
- Very similar to multitasking. The key difference is the size of the system
- Supersize... not just multiple tasks, but multiple programs
|
|
|
Term
|
Definition
- Handle multiple security levels simultaneously, providing higher levels of security. |
|
|
Term
|
Definition
- Use policy mechanisms to manage information at different levels, but only handling one security level at a time |
|
|
Term
Processor States (operating states) |
|
Definition
- Forms of execution in which a process may run
1. Ready
2. Waiting
3. Running (problem)
4. Supervisory
5. Stopped
|
|
|
Term
|
Definition
1. User (process, problem, program) - processor limits the access to system data and hardware granted to the running process
2. Kernel (supervisor) - processor is operating at the highest privilege level, and this allows the process running in supervisor state to access any system resource (data and hardware) |
|
|
Term
|
Definition
How a CPU refers to memory
- Register addressing - registers in the CPU
- immediate addressing - data as part of instruction
- Direct Addressing - actual location in memory
- Indirect Addressing - memory address contains another memory address instead of accessing directly
- Base + Offset Addressing - value in CPU register then add offset value to compute memory address |
|
|
Term
Client-based system vulnerabilities |
|
Definition
1. Applets / Java Applets
2. Local Caches (ARP | DNS)
3. ActiveX controls |
|
|
Term
Server-based System Vulnerabilities |
|
Definition
1. data flow control (load balancers | DDoS) |
|
|
Term
Database System Vulnerabilities |
|
Definition
a. Aggregation - combining non-sensitive data from different sources to create sensitive info
b. Bypass Attacks - bypass controls at the frontend of database application
c. Concurrency (Time of Check (TOC)/Time of Use (TOU)) - actions or processes run at the same time
d. Data Contamination - input data errors or erroneous processing
e. Deadlocking - 2 users try to access info at same time and both denied
f. Inference - deducing sensitive information from the information that is available |
|
|
Term
Essential Characteristics of Cloud Computing (NIST) |
|
Definition
1. On-Demand self-service
2. Broad network access
3. Resource pooling
4. Rapid elasticity
5. Measured service
|
|
|
Term
|
Definition
- Sharing CPU and other resources across a network so that all machines function as one large computer
- used for intensive tasks suitable for parallel tasks |
|
|
Term
|
Definition
|
|
Term
|
Definition
Open Web Application Security Project (OWASP) |
|
|
Term
|
Definition
Time of Check (TOC) - Subject checks the status of an object |
|
|
Term
|
Definition
Time of Use (TOU) - When the decision is made to access the object, the procedure accesses it at the TOU |
|
|
Term
|
Definition
The difference between the TOC and the TOU is sometimes large enough for an attacker to replace the original object with another object that suits their needs. These attacks are often called Race Conditions because the attacker is racing with the legitimate process to replace the object before it is used |
|
|
Term
|
Definition
1. Private Cloud
2. Community Cloud
3. Public Cloud
4. Hybrid Cloud - a combination of any 2 |
|
|
Term
|
Definition
Type I - native or bare-metal. Used for server virtualization
Type II - hosted on a client O/S |
|
|
Term
|
Definition
Industrial Control Systems (ICS):
1. Distributed Control Systems (DCS)
2. Programmable Logic Controller (PLC)
3. Supervisory Control and Data Acquisition (SCADA) |
|
|
Term
Vulnerabilities in Web systems |
|
Definition
A1 - Injection
A2 - Broken Authentication
A3 - Sensitive Data Exposure
A4 - XML External Entities (XXE)
A5 - Broken Access Control
A6 - Security Misconfiguration
A7 - Cross-site Scripting (XSS)
A8 - Insecure Deserialization
A9 - Using Components with Known Vulnerabilities
A10 - Insufficient Logging & Monitoring |
|
|
Term
|
Definition
Injection flaws, such as SQL, NoSQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
a. Input Validation
b. Limit Account Privileges |
|
|
Term
|
Definition
Application functions related to authentication and session management are often implemented incorrectly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities temporarily or permanently. |
|
|
Term
|
Definition
Many web applications and APIs do not properly protect sensitive data, such as financial, healthcare, and PII. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data may be compromised without extra protection, such as encryption at rest or in transit, and requires special precautions when exchanged with the browser.
- Credit card fraud, identity theft, etc. |
|
|
Term
XML External Entities (XXE) |
|
Definition
Many older or poorly configured XML processors evaluate external entity references within XML documents. External entities can be used to disclose internal files using the file URI handler, internal file shares, internal port scanning, remote code execution, and denial of service attacks.
- Can disclose internal file shares, internal port scanning, remote code execution, and DoS
- Susceptible if XML documents accept/insert untrusted data into the XML document
- Security Assertion Markup Language (SAML) for ID processing and single sign-on (SSO) may be vulnerable
- Simple Object Access Protocol (SOAP) prior to v1.2 is likely susceptible |
|
|
Term
|
Definition
Restrictions on what authenticated users are allowed to do are often not properly enforced. Attackers can exploit these flaws to access unauthorized functionality and/or data, such as access other users’ accounts, view sensitive files, modify other users’ data, change access rights, etc. |
|
|
Term
Security Misconfiguration |
|
Definition
Security misconfiguration is the most commonly seen issue. This is commonly a result of insecure default configurations, incomplete or ad hoc configurations, open cloud storage, misconfigured HTTP headers, and verbose error messages containing sensitive information. Not only must all operating systems, frameworks, libraries, and applications be securely configured, but they must be patched/upgraded in a timely fashion.
- Insecure default configurations, incomplete or ad hoc configs |
|
|
Term
Cross-Site Scripting (XSS) |
|
Definition
XSS flaws occur whenever an application includes untrusted data in a new web page without proper validation or escaping, or updates an existing web page with user-supplied data using a browser API that can create HTML or JavaScript. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.
1. Reflected XSS - app or API includes unvalidated and unescaped user input as part of HTML output
2. Stored XSS - app or API stores unsanitized user input that is viewed later by another user/admin
3. DOM XSS - JavaScript frameworks, single-page apps, and APIs that dynamically include attacker-controllable data in a page
- Typical XSS attacks include session stealing, account takeover, MFA bypass |
|
|
Term
|
Definition
Insecure deserialization often leads to remote code execution. Even if deserialization flaws do not result in remote code execution, they can be used to perform attacks, including replay attacks, injection attacks, and privilege escalation attacks.
- Serialization is translating data into a format that can be transmitted and reconstructed later and can recreate an identical copy of the object
- Replay, injection, and privilege escalation attacks |
|
|
Term
Using Components with Known Vulnerabilities |
|
Definition
Components, such as libraries, frameworks, and other software modules, run with the same privileges as the application. If a vulnerable component is exploited, such an attack can facilitate serious data loss or server takeover. Applications and APIs using components with known vulnerabilities may undermine application defenses and enable various attacks and impacts. |
|
|
Term
Insufficient Logging & Monitoring |
|
Definition
Insufficient logging and monitoring, coupled with missing or ineffective integration with incident response, allows attackers to further attack systems, maintain persistence, pivot to more systems, and tamper, extract, or destroy data. Most breach studies show time to detect a breach is over 200 days, typically detected by external parties rather than internal processes or monitoring. |
|
|
Term
Mobile Device Security approaches |
|
Definition
1. Full device encryption
2. Remote wiping
3. Lockout
4. Screen locks
5. GPS
6. Application Controls
7. Storage Segmentation
8. Asset Tracking / Inventory Control
9. Mobile Device Management (MDM)
10. Device-based Access Control
11. Removable storage
12. Disable unused features / device hardening |
|
|
Term
Areas of concern for BYOD |
|
Definition
1. Data ownership
2. Patch Management
3. Antivirus
4. Device Forensics / Incident response
5. Privacy
6. Cameras and Microphones |
|
|
Term
|
Definition
1. Company-owned personally enabled (COPE)
2. Choose your own device (CYOD)
3. Corporate-owned
4. Virtual Desktop Infrastructure (VDI)
|
|
|
Term
Embedded Devices Security Approaches |
|
Definition
1. Network Segmentation
2. Security Layering
3. Application Firewalls
4. Patch Management
5. Firmware Versioning
6. Wrapping / Encapsulation of updates or configuration information to allow for secure communication / acceptance |
|
|
Term
Order of Security Controls |
|
Definition
|
|
Term
|
Definition
Crime prevention through environmental design (CPTED) |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
Mean Time Between Failures |
|
|
Term
|
Definition
noise generated by a difference in power between the hot and ground wires of a power source |
|
|
Term
|
Definition
noise generated by a difference in power between the hot and neutral wires |
|
|
Term
|
Definition
Radio-frequency Interference |
|
|
Term
|
Definition
- Incipient stage - only air ionization, but no smoke
- Smoke stage - smoke is visible
- Flame stage - flame can be seen with naked eye
- Heat stage - intense heat buildup and everything in the area burns
|
|
|
Term
Types of fire extinguishers |
|
Definition
A - Common Combustibles - water, soda acid
B - Liquids - CO2, halon, soda acid
C - Electrical - CO2, halon
D - Metal - Dry powder |
|
|