CISSP-7-Security-Operations

Clipping Level

Predefined thresholds for the number of certain types of errors that will be allowed before the activity is considered suspicious and reported

Physical Barriers

Fences, gates, walls, doors, windows, protected vents and vehicular barriers

Slot Lock

A device lock type that secures a device to a stationary component by the use of a steel cable that is connected to a slot in a desk

Peripheral Switch Control

A device lock type that secures a keyboard by inserting an on/off switch between the system unit and the keyboard input slot

Electronic Access Control (EAC) Tokens

A generic term used to describe a proximity authentication device

Annunciator

A bell, light or alarm that provides information on the state or condition of something such as someone breaking into a restricted area Can detect intrusions via CCTV to help guards

Device Lock

A cable type lock that can secure a computer or peripheral to a desk to prevent theft or access

Key Override

A cipher lock capability ... A combination can be programmed into the lock to override in case of emergency situations

Hostage Alarm

A cipher lock capability ... An individual under duress can enter a special code that notifies security peeps of a situation

Door Delay

A cipher lock capability ... If a door is held open for too long, an alarm will trigger to alert personnel of suspicious activity

Master Keying

A cipher lock capability ... Supervisory personnel can change access codes and other features of the cipher lock

Port Control

A device lock type that blocks access to disk drivers or unused serial/parallel ports

Switch Control

A device lock type that covers power switches

Cable Trap

A device lock type that prevents the removal of input/output devices by passing the cables through a lockable unit

Charged-coupled Device (CCD)

A light-sensitive chip that is used in CCTVs

Device Lock Types

1) Switch controls 2) Slot locks 3) Port controls 4) Peripheral switch controls 5) Cable traps

Operating System Responses to Failures

1) System reboot 2) Emergency system restart 3) System cold start

Remote System Administration

1) Use VPN 2) Use SSH, commands should not be in cleartext 3) Strong authentication 4) Critical systems should be administered "locally" 5) Only a small number of administrators should be allowed to remotely administer a system

Mechanical Lock Types

1) Warded 2) Tumbler

Fence Sizes

3-4 ft: Deter only casual trespassers 6-7 ft: Consider too high to easily climb *8 ft: Deters the most determined intruder

Operational Assurance Examples

1) Access control mechanisms 2) Separation of privileged and user program code 3) Auditing and monitoring capabilities 4) Covert channel Analysis 5) Trusted recovery after a failure ... and more

Life-cycle Assurance Examples

1) Design specifications 2) Clipping-level configurations 3) Unit and integration testing 4) Configuration management 5) Trusted distribution ... and more

Physical Access Entry Point Types

1) External 2) Main 3) Secondary

CCTV Lens Types

1) Fixed focal length 2) Zoom (varifocal) Long focal lengths provide shorter area of views Warehouse: 2.8 - 4.3 mm Doorway: 8 mm Optimal zooms are better than digital zooms for overall quality for both wide and narrow shots

Security Administrator

1) Implements and maintains security devices and software 2) Carries out security assessments 3) Creates and maintains user profiles, access control mechanisms and MAC security labels 4) Manages password policies 5) Reviews audit logs Should not report to or be the same as a network administrator due to potential conflict of interest

Cylinder Strength Categories

1) Low Security: No pick/drill resistance 2) Medium Security: Some pick/drill resistance 3) High Security: High resistance, Grade 1/2 locks

Tumbler Lock Types

1) Pin 2) Wafer 3) Lever

Operating System Concerns

1) Protect the bootup sequence (C/A/D) 2) Prohibit bypassing of writing actions to system logs 3) Do not allow system forced shutdowns 4) Do not allow outputs to be rerouted

Racking

A lock picking technique against a pin tumbler lock where the lock pick is pushed to the back of the lock and quickly slid out while providing upward pressure whereby the pins fall in place

Tension Wrench

A lock picking tool shaped like a L and is used to apply tension to the internal cylinder of a lock in order to manipulate the pins

Bastion Host

A locked down system like those in a DMZ

Initial Program Load (IPL)

A mainframe term that refers to rebooting when the system loads the OS kernel into memory

Mechanical Combination Lock

A mechanical lock that requires the correct sequence of numbers to unlock it by using internal wheels and the more wheels the more protection

Warded Lock

A mechanical lock that uses a set of obstructions, or wards, to prevent the lock from opening unless the correct key is inserted, which has notches or slots corresponding to the obstructions in the lock, allowing it to rotate freely inside the lock Cheapest and easiest to pick

Tumbler Lock

A mechanical lock that uses pins, wafers or levers of varying lengths to prevent the lock from opening without the correct key

Lux

A metric used to measure illumination strength

Underwriters Laboratory (UL)

A nonprofit organization that tests, inspects and classifies electronic devices, fire protection equipment and construction materials The NIST version of the physical security world

Lock

A physical access control mechanism that is inexpensive and considered a "delaying" device and should not be considered a sole protection scheme, instead used with other controls The door, walls, hinges and frame should be just as strong as this device

Cipher Lock

A programmable lock that uses a keypad to control access and adds more intelligence than a traditional combination lock, including intrusion detection lockout and alarm remote initiation Other features include: 1) Door delay 2) Key override 3) Master keying 4) Hostage alarm Should have a backup power supply/battery and a shield to prevent keyboard shoulder surfing Also keyboards should be cleaned and the combinations should be randomly changed

Bollard

A small pillar put outside of a building in order to prevent someone from driving a vehicle through the exterior wall or access point

Wafer Tumbler Lock

A tumbler lock that is small and round that is often used for file cabinets, using wafers instead of pins Does not provide much protection

Hardware Implementation

A type of RAID implementation that uses its own CPU for calculations on an intelligent controller

Smart Card

A type of cipher lock that permits specific codes to be assigned to unique individuals allowing for better accountability and auditing A hotel key card is an example

Perimeter Intrusion Detection and Assessment System (PIDAS)

A type of fencing that has sensors located on the wire mesh and at the base of the fence that can set off an intrusion alarm if cut or climbed You would see these at a prison or military base

Electromechanical System

An IDS that detects a "break" in a circuit, such as strips of metal foil embedded in a window or door

Photoelectric / Photometric System

An IDS that detects the change in a light beam Hint: photo = light

Passive Infrared (PIR) System

An IDS that detects the changes of heat waves in an area it is configured to monitor usually through the use of particle changes in the air Think of this as a thermal device

Event Management

An application that collects various logs looking for patterns and potentially malicious activities

Continuous Lighting

An array of lights that provides an even amount of illumination across an area without interruption MOST common type -- more so than standby

Electronic Combination Lock

An electronic version of a mechanical lock where a keypad is used instead of internal wheels

Business Software Alliance (BSA)

An organization that targets companies that use pirated/illegal copies of software

Transponder

Another name for sensing access control reader

Gate Classifications

Class I - Residential Class 2 - Commercial (public parking lot) Class 3 - Industrial (warehouse) Class 4 - Restricted (prison) Hint: Israeli Military - Prison Four Residents commercialize industrial restrictions

Class 2 Gate

Commercial

Grade 1

Commercial/industrial grade lock

Operational Assurance

Concentrates on the product's architecture, embedded features and functionality that enable a customer to continually obtain the necessary level of protection when using the product

Iris

Controls the amount of light going into a camera lens and can be controlled manually or auto

Lighting

Critical areas need to have illumination that reaches at least 8 feet with the illumination intensity of 2 foot-candles Hint: 8 ft tall baby celebrates second birthday

Mandatory Vacation

Employees are required to take time off as a means to detect fraudulent actives when they are away, such as salami attacks Both a detection and deterrent

Rotation of Duties/Job Rotation

Employees are rotated from one position to another within a company as a means to detect fraudulent actives from their predecessor An administrative control that can be costly which means some organizations can't do it Acts as both a deterrent and detection means

Separation of Duties

Ensure that one person acting alone cannot compromise the company's security in any way and avoids conflicts of interest If implemented, it would require collusion of two or more people to commit fraudulent activity An administrative control

Lock Grades

Grade 1: Commercial/industrial Grade 2: Heavy-duty residential/light duty Grade 3: Residential/consumer Hint: Number 1 is the best (strongest)

Response

Guards and local law enforcement agencies

Assessment

Guards, CCTV and cameras

Grade 2

Heavy-duty residential/light duty grade lock

No Output

If a report has no information (nothing to report) then it should say these two words This ensures that there really was no information to show so you are clearly stating it on purpose

Critical Files and Operations

If a shutdown suggests corruption then those things need to be checked for integrity

Fix Issue and Recover Files

In single user mode the administrator salvages file systems from damage that may have occurred as a result of a bad shutdown

Class 3 Gate

Industrial

Standby Lighting

It floods a given area with light when suspicious activity is detected Activated when something is not right Configured at times to turn off and on

Need to Know

Limits access to information required of an individual to know in order to perform a "specific" task/job, especially useful in MAC/security clearance environments Need to know focuses on permissions and the ability to access information Just because one has a secret clearance doesn't mean one has access to ALL secret material

Least Privilege

Limits permissions on what is required of an individual to perform a task/job

Access Control Mechanisms

Locks, keys, electronic card access system and personnel awareness

Single User / Safe Mode

Occurs when a system cold start takes place due to the system's inability to automatically recover itself to a secure state Connectivity and mounting are usually disable so the user must be physically present at console

Piggybacking

Occurs when someone gains unauthorized access by following another person closely through a door without providing credentials

Emergency System Restart

Performed after a system fails in an uncontrolled manner in response to a TCB and is entered into a maintenance mode

System Reboot

Performed after shutting down the system in a controlled manner in response to a TCB failure Before restart the recovery mechanisms make a best effort to correct any inconsistencies

Intrusion Detection Devices

Perimeter sensors, interior sensors and annunciation mechanisms

Class 1 Gate

Residential

Grade 3

Residential/consumer grade lock

Class 4 Gate

Restricted

Salami Attack

Shaving off pennies from multiple accounts and putting the money into one's own account

Deterrents

Signs, lighting and environmental design

Trusted Recovery

States that when an OS or application crashes it should not put the system in an insecure state

Responsive Area Illumination

Takes place when an IDS detects a suspicious activity so it turns on the lights in that area

System Cold Start

Takes place when unexpected TCB takes place and the recovery procedures cannot bring the system to a consistent state, the user may need to manually intervene to get the system running

Depth of Field (DOF)

The area between the nearest and farthest points that appear to be in focus Varies depending on the size of the lens opening, the distance of the object being focused on and the focal length of the lens Increases as the size of the lens opening decreases, the subject distance increases or the focal length of the lens decreases Use a wide-angle lens with small opening to cover a wide area, not focused on anything

Configuration Management (CM)

The process of establishing and maintaining consistent baselines on all systems, which is also a part of operational security Ensures that system are deployed similarly AT THE START, but other processes wouldn't prevent an unauthorized change so CHANGE MANAGEMENT kicks in A policy of who, what, where, when, why and how changes are approved and made 1) Baselining 2) Patch Management 3) Vulnerability Management

Barbed Wire

Tilted out to prevent outsiders from coming in Tilted in to prevent prisoners from escaping

Life-cycle Assurance

To show that a product or system has met its security goals throughout its lifetime

Atomic

Transactions cannot be interrupted between the input being provided and the generation of output, thus protecting against TOC/TOU attacks

Sensing accessing Control Reader

User does not need to swipe a card or enter a PIN, instead the device can detect it from a distance

User-activated Reader

User needs to swipe a card or enter a PIN

Closed-circuit Television (CCTV)

Video surveillance used to detect, assess and identify intruders and usually with other controls such as guards, IDSs and alarm systems A multiplexer can be used to connect multiple cameras at the same time Inserting a pre-recorded video into the cable is common type of attack (in the movies at least)

Glare Protection

When lights are pointed away from the guard post so that anyone approaching the checkpoint can be seen by the gaurds

Meshing and Gauging

__________ is minimum clear distance between wires and __________ is the thickness of the wire Smaller mesh is more secure Larger gauge is more secure 11 Gauge, 3/8" mesh - Extremely high security 9 Gauge, 1" mesh - Very high security 11 Gauge, 1" mesh - High security 6 Gauge, 2" mesh - Above average security 9 Gauge, 2" mesh - Normal