CISSP-7-Security-Operations
Clipping Level
Predefined thresholds for the number of certain types of errors that will be allowed before the activity is considered suspicious and reported
Physical Barriers
Fences, gates, walls, doors, windows, protected vents and vehicular barriers
Slot Lock
A device lock type that secures a device to a stationary component by the use of a steel cable that is connected to a slot in a desk
Peripheral Switch Control
A device lock type that secures a keyboard by inserting an on/off switch between the system unit and the keyboard input slot
Electronic Access Control (EAC) Tokens
A generic term used to describe a proximity authentication device
Annunciator
A bell, light or alarm that provides information on the state or condition of something, such as someone breaking into a restricted area. Can detect intrusions via CCTV to help guards
Device Lock
A cable type lock that can secure a computer or peripheral to a desk to prevent theft or access
Key Override
A cipher lock capability: a combination can be programmed into the lock to override it in case of emergency situations
Hostage Alarm
A cipher lock capability: an individual under duress can enter a special code that notifies security personnel of the situation
Door Delay
A cipher lock capability: if a door is held open for too long, an alarm will trigger to alert personnel of suspicious activity
Master Keying
A cipher lock capability: supervisory personnel can change access codes and other features of the cipher lock
Port Control
A device lock type that blocks access to disk drives or unused serial/parallel ports
Switch Control
A device lock type that covers power switches
Cable Trap
A device lock type that prevents the removal of input/output devices by passing the cables through a lockable unit
Charged-coupled Device (CCD)
A light-sensitive chip that is used in CCTVs
Device Lock Types
1) Switch controls 2) Slot locks 3) Port controls 4) Peripheral switch controls 5) Cable traps
Operating System Responses to Failures
1) System reboot 2) Emergency system restart 3) System cold start
Remote System Administration
1) Use VPN 2) Use SSH, commands should not be in cleartext 3) Strong authentication 4) Critical systems should be administered "locally" 5) Only a small number of administrators should be allowed to remotely administer a system
Mechanical Lock Types
1) Warded 2) Tumbler
Fence Sizes
3-4 ft: Deters only casual trespassers; 6-7 ft: Considered too high to easily climb; 8 ft: Deters the most determined intruder
Operational Assurance Examples
1) Access control mechanisms 2) Separation of privileged and user program code 3) Auditing and monitoring capabilities 4) Covert channel analysis 5) Trusted recovery after a failure ... and more
Life-cycle Assurance Examples
1) Design specifications 2) Clipping-level configurations 3) Unit and integration testing 4) Configuration management 5) Trusted distribution ... and more
Physical Access Entry Point Types
1) External 2) Main 3) Secondary
CCTV Lens Types
1) Fixed focal length 2) Zoom (varifocal). Long focal lengths provide a narrower field of view. Warehouse: 2.8 - 4.3 mm; Doorway: 8 mm. Optical zooms are better than digital zooms for overall quality for both wide and narrow shots
Security Administrator
1) Implements and maintains security devices and software 2) Carries out security assessments 3) Creates and maintains user profiles, access control mechanisms and MAC security labels 4) Manages password policies 5) Reviews audit logs. Should not report to, or be the same person as, a network administrator due to a potential conflict of interest
Cylinder Strength Categories
1) Low Security: No pick/drill resistance 2) Medium Security: Some pick/drill resistance 3) High Security: High resistance, Grade 1/2 locks
Tumbler Lock Types
1) Pin 2) Wafer 3) Lever
Operating System Concerns
1) Protect the bootup sequence (C/A/D) 2) Prohibit bypassing of writing actions to system logs 3) Do not allow system forced shutdowns 4) Do not allow outputs to be rerouted
Raking
A lock picking technique against a pin tumbler lock where the lock pick is pushed to the back of the lock and quickly slid out while upward pressure is applied, whereby the pins fall into place
Tension Wrench
A lock picking tool shaped like an L that is used to apply tension to the internal cylinder of a lock in order to manipulate the pins
Bastion Host
A locked down system like those in a DMZ
Initial Program Load (IPL)
A mainframe term that refers to rebooting when the system loads the OS kernel into memory
Mechanical Combination Lock
A mechanical lock that requires the correct sequence of numbers to unlock it, using internal wheels; the more wheels, the more protection
Warded Lock
A mechanical lock that uses a set of obstructions, or wards, to prevent the lock from opening unless the correct key is inserted; the key has notches or slots corresponding to the obstructions in the lock, allowing it to rotate freely inside the lock. Cheapest and easiest to pick
Tumbler Lock
A mechanical lock that uses pins, wafers or levers of varying lengths to prevent the lock from opening without the correct key
Lux
A metric used to measure illumination strength
Underwriters Laboratory (UL)
A nonprofit organization that tests, inspects and classifies electronic devices, fire protection equipment and construction materials. The NIST version of the physical security world
Lock
A physical access control mechanism that is inexpensive and considered a "delaying" device; it should not be considered a sole protection scheme but used with other controls. The door, walls, hinges and frame should be just as strong as this device
Cipher Lock
A programmable lock that uses a keypad to control access and adds more intelligence than a traditional combination lock, including intrusion detection lockout and remote alarm initiation. Other features include: 1) Door delay 2) Key override 3) Master keying 4) Hostage alarm. Should have a backup power supply/battery and a shield to prevent keypad shoulder surfing. The keypad should also be cleaned and the combinations randomly changed
Bollard
A small pillar put outside of a building in order to prevent someone from driving a vehicle through the exterior wall or access point
Wafer Tumbler Lock
A tumbler lock that is small and round and is often used for file cabinets, using wafers instead of pins. Does not provide much protection
Hardware Implementation
A type of RAID implementation that uses its own CPU for calculations on an intelligent controller
Smart Card
A type of cipher lock that permits specific codes to be assigned to unique individuals, allowing for better accountability and auditing. A hotel key card is an example
Perimeter Intrusion Detection and Assessment System (PIDAS)
A type of fencing that has sensors located on the wire mesh and at the base of the fence that can set off an intrusion alarm if it is cut or climbed. You would see these at a prison or military base
Electromechanical System
An IDS that detects a "break" in a circuit, such as strips of metal foil embedded in a window or door
Photoelectric / Photometric System
An IDS that detects a change in a light beam. Hint: photo = light
Passive Infrared (PIR) System
An IDS that detects changes in heat waves in an area it is configured to monitor, usually through the use of particle changes in the air. Think of this as a thermal device
Event Management
An application that collects various logs looking for patterns and potentially malicious activities
Continuous Lighting
An array of lights that provides an even amount of illumination across an area without interruption. The MOST common type -- more so than standby
Electronic Combination Lock
An electronic version of a mechanical lock where a keypad is used instead of internal wheels
Business Software Alliance (BSA)
An organization that targets companies that use pirated/illegal copies of software
Transponder
Another name for a sensing access control reader
Gate Classifications
Class 1 - Residential; Class 2 - Commercial (public parking lot); Class 3 - Industrial (warehouse); Class 4 - Restricted (prison). Hint: Israeli Military - Prison Four Residents commercialize industrial restrictions
Class 2 Gate
Commercial
Grade 1
Commercial/industrial grade lock
Operational Assurance
Concentrates on the product's architecture, embedded features and functionality that enable a customer to continually obtain the necessary level of protection when using the product
Iris
Controls the amount of light going into a camera lens and can be controlled manually or automatically
Lighting
Critical areas need to have illumination that reaches at least 8 feet with an illumination intensity of 2 foot-candles. Hint: 8 ft tall baby celebrates second birthday
Mandatory Vacation
Employees are required to take time off as a means to detect fraudulent activities while they are away, such as salami attacks. Both a detection and a deterrent control
Rotation of Duties/Job Rotation
Employees are rotated from one position to another within a company as a means to detect fraudulent activities by their predecessor. An administrative control that can be costly, which means some organizations can't do it. Acts as both a deterrent and a detection means
Separation of Duties
Ensures that one person acting alone cannot compromise the company's security in any way, and avoids conflicts of interest. If implemented, it would require collusion of two or more people to commit fraudulent activity. An administrative control
Lock Grades
Grade 1: Commercial/industrial; Grade 2: Heavy-duty residential/light duty; Grade 3: Residential/consumer. Hint: Number 1 is the best (strongest)
Response
Guards and local law enforcement agencies
Assessment
Guards, CCTV and cameras
Grade 2
Heavy-duty residential/light duty grade lock
No Output
If a report has no information (nothing to report) then it should say these two words. This ensures that there really was no information to show, since you are clearly stating it on purpose
Critical Files and Operations
If a shutdown suggests corruption, then these need to be checked for integrity
Fix Issue and Recover Files
In single user mode, the administrator salvages file systems from damage that may have occurred as a result of a bad shutdown
Class 3 Gate
Industrial
Standby Lighting
Floods a given area with light when suspicious activity is detected. Activated when something is not right. Configured at times to turn off and on
Need to Know
Limits access to the information an individual is required to know in order to perform a "specific" task/job; especially useful in MAC/security clearance environments. Need to know focuses on permissions and the ability to access information. Just because one has a secret clearance doesn't mean one has access to ALL secret material
Least Privilege
Limits permissions to what an individual requires to perform a task/job
Access Control Mechanisms
Locks, keys, electronic card access system and personnel awareness
Single User / Safe Mode
Occurs when a system cold start takes place due to the system's inability to automatically recover itself to a secure state. Connectivity and mounting are usually disabled, so the user must be physically present at the console
Piggybacking
Occurs when someone gains unauthorized access by following another person closely through a door without providing credentials
Emergency System Restart
Performed after a system fails in an uncontrolled manner in response to a TCB failure; the system is entered into maintenance mode
System Reboot
Performed after shutting down the system in a controlled manner in response to a TCB failure. Before restart, the recovery mechanisms make a best effort to correct any inconsistencies
Intrusion Detection Devices
Perimeter sensors, interior sensors and annunciation mechanisms
Class 1 Gate
Residential
Grade 3
Residential/consumer grade lock
Class 4 Gate
Restricted
Salami Attack
Shaving off pennies from multiple accounts and putting the money into one's own account
Deterrents
Signs, lighting and environmental design
Trusted Recovery
States that when an OS or application crashes it should not put the system in an insecure state
Responsive Area Illumination
Takes place when an IDS detects a suspicious activity so it turns on the lights in that area
System Cold Start
Takes place when an unexpected TCB failure occurs and the recovery procedures cannot bring the system to a consistent state; the user may need to manually intervene to get the system running
Depth of Field (DOF)
The area between the nearest and farthest points that appear to be in focus. Varies depending on the size of the lens opening, the distance of the object being focused on and the focal length of the lens. Increases as the size of the lens opening decreases, the subject distance increases or the focal length of the lens decreases. Use a wide-angle lens with a small opening to cover a wide area without focusing on anything in particular
Configuration Management (CM)
The process of establishing and maintaining consistent baselines on all systems, which is also a part of operational security. Ensures that systems are deployed similarly AT THE START, but by itself it wouldn't prevent an unauthorized change afterwards, so CHANGE MANAGEMENT kicks in: a policy of who, what, where, when, why and how changes are approved and made. 1) Baselining 2) Patch Management 3) Vulnerability Management
Barbed Wire
Tilted out to prevent outsiders from coming in; tilted in to prevent prisoners from escaping
Life-cycle Assurance
To show that a product or system has met its security goals throughout its lifetime
Atomic
Transactions cannot be interrupted between the input being provided and the generation of output, thus protecting against TOC/TOU attacks
Sensing Access Control Reader
The user does not need to swipe a card or enter a PIN; instead the device can detect it from a distance
User-activated Reader
The user needs to swipe a card or enter a PIN
Closed-circuit Television (CCTV)
Video surveillance used to detect, assess and identify intruders, usually together with other controls such as guards, IDSs and alarm systems. A multiplexer can be used to connect multiple cameras at the same time. Inserting a pre-recorded video into the cable is a common type of attack (in the movies at least)
Glare Protection
When lights are pointed away from the guard post so that anyone approaching the checkpoint can be seen by the guards
Meshing and Gauging
__________ is the minimum clear distance between wires and __________ is the thickness of the wire. Smaller mesh is more secure; larger gauge is more secure. 11 Gauge, 3/8" mesh - Extremely high security; 9 Gauge, 1" mesh - Very high security; 11 Gauge, 1" mesh - High security; 6 Gauge, 2" mesh - Above average security; 9 Gauge, 2" mesh - Normal