Shon Harris CISSP

Course Introduction 9m
Course Introduction

Domain 1 - Information Security and Risk Management 3h 25m
Information Security and Risk Management
Mainframe Days
In the Good Old Days – Who Knew?
Today’s Environment
Security Definitions
Vulnerabilities
Examples of Some Vulnerabilities that Are Not Always Obvious
Risk – What Does It Really Mean?
Relationships
Who Deals with Risk?
Overall Business Risk
Who?
AIC Triad
Availability
Integrity
Confidentiality
Who Is Watching?
Social Engineering
What Security People Are Really Thinking
Security Concepts
Security?
The Bad Guys Are Motivated
If Not Obscurity – Then What?
Open Standards
Common Open Standards
Without Standards
“Soft” Controls
Logical Controls
Physical Controls
Are There Gaps?
Understanding Drivers
Holistic Security
Not Always So Easy

What Is First?
Different Types of Law
How Is Liability Determined?
Examples of Due Diligence
Examples of Due Care
Prudent Person Rule
Prudent Person
Taking the Right Steps
Regulations
Why Do We Need Regulations?
Risk Management
Why Is Risk Management Difficult?
Necessary Level of Protection Is Different for Each Organization
Security Team/Committee
Risk Management Process
Planning Stage – Team
Analysis Paralysis
Planning Stage – Scope
Planning Stage – Analysis Method
Risk Management Tools
Defining Acceptable Levels
Acceptable Risk Level
Collecting and Analyzing Data Methods
What Is a Company Asset?
Data Collection – Identify Assets
Data Collection – Assigning Values
Asset Value
Data Collection – Identify Threats
Data Collection – Calculate Risks
Scenario Based – Qualitative
Risk Approach
Qualitative Analysis Steps
Want Real Answers?
Qualitative Risk Analysis Ratings
Qualitative Risks
Quantitative Analysis Steps
Quantitative Analysis
How Often Will This Happen?
ARO Values and Their Meaning
Calculate ALE
ALE Value Uses
Relationships
Calculate Risks – ALE Example
Your Turn!
ALE Calculation
Can a Purely Quantitative Analysis Be Accomplished?
Risk Types
Examples of Types of Losses

Delayed Loss
Cost/Benefit Analysis
Cost of a Countermeasure
Cost/Benefit Analysis Countermeasure Criteria
Calculating Cost/Benefit
Controls
Control Selection Requirements
Quantitative Analysis
Quantitative Analysis Disadvantages
Qualitative Analysis Approach
Qualitative Analysis Disadvantages
Can You Get Rid of All Risk?
Calculating Residual Risk
Uncertainty Analysis
Dealing with Risk
Management’s Response to Identified Risks
Risk Acceptance
Risk Analysis Process Summary
Components of Security Program
A Layered Approach
In Security, You Never Want Any Surprises
Building Foundation
Security Roadmap
Functional and Assurance Requirements
Building Foundation
Most Organizations
Silo Security Structure
Islands of Security Needs and Tools
Get Out of a Silo Approach
Security Is a Process
Approach to Security Management
Result of Battling Management
Industry Best Practices Standards
ISO/IEC 17799
Pieces and Parts
Numbering
New ISO Standards
COBIT
Inside of COBIT
COBIT – Control Objectives
Measurements
Information Technology Infrastructure Library
3rd Party Governance
Security Governance
Security Program Components
Policy Framework
Policy Types
Organizational Policy

Policy Approved – Now What?
Issue-Specific Policies
ASP Policy Example
System-Specific Policies
Standards
Standard Example
Baseline
Data Collection for Metrics
Guidelines
Procedures
Tying Them Together
Program Support
Entity Relationships
Senior Management’s Role
Security Roles
Custodian
Auditor
Access
Information Classification
Information Classification Program
Data Leakage
Do You Want to End Up in the News?
Types of Classification Levels
Data Protection Levels
Classification Program Steps
Information Classification Components
Procedures and Guidelines
Classification Levels
Information Classification Criteria
Criteria Example
Or Not
Information Owner Requirements
Clearly Labeled
Testing Classification Program
Who Is Always Causing Problems?
Employee Management
Hiring and Firing Issues
A Few More Items
Unfriendly Termination
Security Awareness and Training
Training Characteristics
Awareness
Security Enforcement Issues
Answer This Question
Domain 1 Review

Domain 2 - Access Control 5h 11m
Access Control
Agenda 1
Definitions
Threat Modeling - Nomenclature
Threat Modeling Process
Asset Valuation
Vulnerability Analysis
Access Control Mechanism Examples
Technical Controls
Administrative Controls
Access Control Characteristics
Preventive Controls
Preventive - Administrative Controls
Preventive – Physical Controls
Preventive - Technical Controls
Control Combinations
Detective - Administrative Control
Detective Examples
Administrating Access Control
OS, Application, Database
Administrating Access Control
Authorization Creep
Accountability and Access Control
Trusted Path
Fake Login Pages Look Convincing
Who Are You?
Identification Issues
Authentication Mechanisms Characteristics
Strong Authentication
Fraud Controls
Internal Control Tool: Separation of Duties
Authentication Mechanisms in Use Today
Biometrics Technology
Biometric Devices
Example
Verification Steps
What a Person Is
Why Use Biometrics?
Biometric Type
Identification or Authentication?
Iris Sampling
Iris
Finger Scan
Hand Geometry
Facial Recognition
Comparison
Biometrics Verification

Issues
Downfalls to Biometric Use
Biometrics Error Types
Crossover Error Rate
Biometric System Types
Passwords
Password Generators
Password “Shoulds”
Support Issues
Password Attacks
Attack Steps
Many Tools to Break Your Password
Rainbow Table
Passwords Should NOT Contain…
What’s Left?
Countermeasures for Password Cracking
Cognitive Passwords
One-Time Password Authentication
Synchronous Token
One Type of Solution
Synchronous Steps
Administrator Configures
Challenge Response Authentication
Asynchronous Token Device
Asynchronous Steps
Challenge Response Authentication
Cryptographic Keys
Passphrase Authentication
Key Protection
Memory Cards
Memory Card Characteristics
Smart Card Characteristics
Card Types
Smart Card Attacks
Software Attack
Side Channel Attack
Side Channel Data Collection
Microprobing
Identity Management
How Are These Entities Controlled?
Some Current Issues
Management
Typical Chaos
Different Identities
Identity Management Technologies
Directory Component
Enterprise Directory

Directory Responsibilities
Authoritative Sources
Meta Directory
Directory Interactions
Web Access Management
Web Access Password Management
Legacy Single Sign-On
Account Management Systems
Identity and Access Provisioning Lifecycle
Provisioning Component
Provisioning Not Just Computers
User Entitlement
Access Review and Audit
Profile Update
Working Together
Enterprise Directory
Identity Management Solution Components
Right for Your Company
What You Need to Know
Federated Identity
Identity Theft
Fake Login Tools
How Do These Attacks Work?
Attempts to Get Your Credentials
How Do These Work?
Instructional Emails
Knowing What You Are Disposing of Is Important
Other Examples
Another Danger to Be Aware of… Spyware
Is Someone Watching You?
What Does This Have to Do with My Computer?
Sometimes You Know that Software Is Installing on Your System
New Spyware Is Being Identified Every Week
Spyware Comes in Many Different Forms
How to Prevent Spyware
Different Technologies
Single Sign-on Technology
Single Sign-on
Directory Services as a Single Sign-on Technology
Active Directory
Some Technologies Can Combine Services
Security Domain
Domains of Trust
Domain Illustration
Thin Clients

Example
Kerberos as a Single Sign-on Technology
Kerberos Components Working Together
Pieces and Parts
More Components of Kerberos
KDC Components
Kerberos Steps
Tickets
Ticket Components
Authenticators
Steps of Validation
Kerberos Security
Why Go Through All of this Trouble?
Issues Pertaining to Kerberos
Kerberos Issues
SESAME as a Single Sign-on Technology
SESAME Steps for Authentication
Combo
Models for Access
Access Control Models
Discretionary Access Control Model
ACL Access
File Permissions
Enforcing a DAC Policy
Security Issues
Mandatory Access Control Model
MAC Enforcement Mechanism – Labels
Formal Model
Software and Hardware
Software and Hardware Guards
Where Are They Used?
SELinux
MAC Versus DAC
Role-Based Access Control
RBAC Hierarchy
RBAC and SoD
Acquiring Rights and Permissions
Rule-Based Access Control
Firewall Example
Access Control Matrix
Capability Tables
User Capability Tables
Temporal Access Control
Access Control Administration
Access Control Methods
Centralized Approach
Remote Centralized Administration
RADIUS

RADIUS Steps
RADIUS Characteristics
TACACS+ Characteristics
Diameter Characteristics
Diameter Protocol
Mobile IP
Diameter Architecture
Two Pieces
AVP
Decentralized Access Control Administration
Controlling Access to Sensitive Data
Protecting Access to System Logs
Accountability = Auditing Events
Agenda 2
IDS
IDS Steps
Network IDS Sensors
Host IDS
Combination
Types of IDSs
Signature-Based Example
Behavior-Based IDS
Statistical Anomaly
Statistical IDS
Protocol Anomaly
What Is a Protocol Anomaly?
Protocol Anomaly Issues
Traffic Anomaly
IDS Response Mechanisms
Responses to Attacks
IDS Issues
Intrusion Prevention System
Differences
Vulnerable IDS
Trapping an Intruder
Domain 2 Review

Domain 3 - Cryptography 5h 11m
Cryptography
Services Provided by Cryptography
Cryptographic Definitions
Cipher
Cryptanalysis
A Few More Definitions
Need Some More Definitions?
Now This Would be Hard Work
Symmetric Cryptography – Use of Secret Keys
Historical Uses of Symmetric Cryptography – Hieroglyphics

Scytale Cipher
Substitution Ciphers
Simple Substitution Cipher Atbash
Simple Substitution Cipher Caesar Cipher
Caesar Cipher Example
Simple Substitution Cipher ROT13
Historical Uses
Polyalphabetic Cipher – Vigenere Cipher
Polyalphabetic Substitution
Vigenere Algorithm
Enigma Machine
U-Boats had Enigma Machines
Code Book
Historical Uses of Symmetric Cryptography – Running Key and Concealment
Agenda 1
Cryptography Lifecycle
Transposition Ciphers
Key and Algorithm Relationship
Does Size Really Matter?
It Does with Key Sizes
Key Space
Ways of Breaking Cryptosystems – Brute Force
Brute Force Components
Ways of Breaking Cryptosystems – Frequency Analysis
Strength of a Cryptosystem
Do You Know What You are Doing?
Developing Cryptographic Solutions In-House
Characteristics of Strong Algorithms
Open or Closed More Secure?
Agenda 2
Types of Ciphers Used Today
Type of Symmetric Cipher – Block Cipher
S-Boxes Used in Block Ciphers
Binary Mathematical Function 1
Type of Symmetric Cipher – Stream Cipher
Symmetric Characteristics
Initialization Vectors
Security Holes
Strength of a Stream Cipher
Let’s Dive in Deeper
Symmetric Key Cryptography
Out-of-Band Transmission
Symmetric Key Management Issue
Symmetric Algorithm Examples
Symmetric Downfalls
Why?
Asymmetric Cryptography
Key Functions

Public Key Cryptography Advantages
Asymmetric Algorithm Disadvantages
Confusing Names
Symmetric versus Asymmetric
Asymmetric Algorithm Examples
Questions 1
When to Use Which Key
Using the Algorithm Types Together
Encryption Steps
Receiver’s Public Key Is Used to Encrypt the Symmetric Key
Receiver’s Private Key Is Used to Decrypt the Symmetric Key
Digital Envelope
E-mail Security
Secret versus Session Keys
Asymmetric Algorithms We Will Dive Into
Asymmetric Algorithm – Diffie-Hellman
Diffie-Hellman
Key Agreement Schemes
Asymmetric Algorithm – RSA
Factoring Large Numbers
RSA Operations
RSA Key Size
El Gamal
ECC
ECC Benefits
Asymmetric Mathematics
Asymmetric Security
Mathematics
Symmetric Ciphers We Will Dive Into
Symmetric Algorithms – DES
Block Cipher
Double DES
Evolution of DES
Modes of 3DES
Encryption Modes
Block Cipher Modes – CBC
IV and CBC
CBC Example
Different Modes of Block Ciphers – ECB
ECB versus CBC
Block Cipher Modes – CFB and OFB
CFB and OFB Modes
Counter Mode
Modes Summary
Symmetric Cipher – AES
IDEA
RC4
RC5

Agenda 3
Data Integrity
Hashing Steps
Protecting the Integrity of Data
Hashing Algorithms
Data Integrity Mechanisms
Hashing Strength
Question 1
Weakness in Using Only Hash Algorithms
More Protection in Data Integrity
MAC
HMAC – Sender
HMAC – Receiver
Another Look
What Services
Authentication Types
CBC-MAC
MAC Using Block Ciphers
Integrity?
What Services?
Question 2
Digital Signatures
One More Look 1
U.S. Government Standard
What is…
Not Giving up the Farm
Zero Knowledge Proof
Message Integrity Controls
Security Issues in Hashing
Example of a Birthday Attack
Birthday Attack Issues
Key Management
Key Backup
Key Management (Cont.)
Key Usage
Cryptoperiod
M-of-N
Key Types
Agenda 4
Why Do We Need a PKI?
PKI and Its Components
Components of PKI
PKI
PKI Steps
RA Roles
CA
Let’s Walk Through an Example
Digital Certificates

Certificate
Signing the Certificate
Verifying the Certificate
Trusted CAs
Non-Trusted CA
One More Look 2
What Do You Do with a Certificate?
Components of PKI, Repository, and CRLs
Revoked?
CRL Process
Different Uses for Certificates
Lifecycle of a Certificate
Cross Certification
PKI and Trust
Agenda 5
Historical Uses of Symmetric Cryptography – Vernam Cipher
Binary Mathematical Function 2
One-Time Pad in Action
One-Time Pad Characteristics
Steganography
Steganography Utilities
Digital Watermarking
Link versus End-to-End Encryption
End-to-End Encryption
Encryption Location
Email Standards
You Decide
Non-Hierarchical
Secure Protocols
SSL Connection Setup
Example - SSL
Validating Certificate
Secure Protocols (Cont.)
SSL and the OSI Model
E-Commerce
How Are You Doing?
Hard the First Times Through
Secure Email Standard
Agenda 6
Network Layer Protection
IPSec Key Management
IPSec Handshaking Process
VPN Establishment
SAs in Use
Key Issues Within IPSec
Configuration of SA Parameters
IPSec Configuration Options
IPSec Is a Suite of Protocols

AH and ESP Modes
IPSec Modes of Operation
VPN Establishment (Cont.)
Review
Questions 2
Attack Types
Attacks on Cryptosystems
Known-Plaintext Attack
Chosen-Plaintext Attack
Chosen-Ciphertext Attack
Adaptive Attacks
Side Channel Attacks
Domain 3 Review

Domain 4 - Physical Security 1h 38m
Physical Security
Physical Security – Threats
Different Types of Threats
Categories of Threats
Wake Up Call
Not Just Hacking
Number One Priority
Legal Issues
Planning Phase
Physical Security Program Goals
Measurable Results
Planning Process
Risk Assessment Needs to be Carried Out
Deterrence
Deterrence Options
Delay
Another Delay Approach
Layered Defense Model
Layers of Defense
Detection
Assessment
Response
Weak Link in the Chain
Part of the Overall Security Program
Controls with the Same Goals
Agenda 1
Threat Categories
Crime Prevention through Environmental Design
Crux of Approach
Protection Built In
CPTED Examples
Natural Access Control
Access Control

CPTED Main Strategies
Target Hardening
Access Barriers
Facility Site Selection
Urban Camouflage
Facility Construction
Earthquake Protection
Construction Materials
Rebar Encased in Concrete
Pentagon with Reinforcements
Fire Resistance Walls
Data Center
Data Center Protection
Designing a Secure Site
Levels of Protection
Door Types
Hollow-Core Doors
Solid Core Doors
Bullet Proof Door
Door Component
Door Lock Types
Window Types
Controlling Access
Sensitive Areas
Possible Threats
Security Zones
Various Sensors
Lock Types
Controlling Keys
Smart Locks
Lock Picking
Entry Access Control
Facility Access
Wireless Proximity Devices
Device Types
Piggybacking
Entrance Protection
Mantraps
Door Configurations
External Boundary Protection
Perimeter Protection – Fencing
Detection Fencing
Detecting Intruders
Fencing Characteristics
Fencing Issues
Gates
What Level of Protection is Needed?
Bollards

Perimeter Protection – Lighting
Properly Laid Out
Lighting Issues
Perimeter Security – Security Guards
Guard Tasks
Security Guards
Monitoring
Level of Detail that is Required
CCTV
Items to Consider about CCTVs
CCTV Components
CCTV Lens Types
CCTV Components (Cont.)
Agenda 2
Types of Physical Intrusion Detection Systems
Intrusion Detection Characteristics
Electro-Mechanical Sensors
Volumetric Sensors
Alarm Systems
Securing Mobile Devices
Stolen Laptops (partial list..)
Agenda 3
HVAC Attributes
Environmental Considerations
Who’s Got Gas?
Documentation of Procedures
Electrical Power
Backup Power
Problems with Steady Power Current
Power Interference
Disturbances
Protection Against Electromagnetic Discharge
Definitions
Power Preventive Measures
Device Protection
Consistent Power Flow
Static Electricity
Agenda 4
Fire Prevention
Not Allowed
Components of Fire
Fire Sources
Automatic Detector Mechanisms
Fire Detection
Fire Suppression Agents
Fire Types
Emergency Power Off Switch
Employees Need to be Trained

Fire Suppression Systems
Fire Extinguishers
Emergency Procedures
Drills and Testing
Water Detectors
Full Program
Domain 4 Review

Domain 5 - Security Architecture and Design 3h 04m
Security Architecture and Design
Agenda 1
Computer Architecture
Central Processing Unit (CPU)
Registers
Arithmetic Logic Unit
Control Unit
Processing Data
Register Types
Program Status Word (PSW)
Trust Levels
Process
Memory Segment Assignment
Threads
Process and Thread
Process States
Agenda 2
Interrupts
Interrupt Masking
Process Table
Moving Information
Stacks
Buses
Processor and Buses
32-Bit versus 64-Bit
Working Together
Multiprocessing
Multiprocessor
System Functionality
Multitasking Types
Multitasking
Deadlock
Agenda 3
Memory Types
Cache Types
Read Only Memory
Virtual Memory
Swapping

Types of Memory
Architecture Components
Memory Manager Responsibilities
Memory Protection
Memory Manager Responsibilities (Cont.)
Memory Addressing
Base and Limit Addresses
Shared Memory
Memory Protection (Cont.)
Memory Leaks
Agenda 4
CPU and OS
System Protection – Levels of Trust
Trust Levels (Cont.)
System Protection - Protection Rings
What Does It Mean to Be in a Specific Ring?
System Protection – Layering
System Call Interfaces
API Application Programming Interface
System Protection - Application Program Interface
Process Protection
Process Isolation
Virtual Mapping
Process ID
Virtual Machines
VMWare
Input/Output Devices
I/O Addressing
Device Types
Device Drivers
Security Issues
Software Complexity
Types of Compromises
Agenda 5
Trusted Computing Base
TCB
Hardened Kernel
Execution Domains
Simple Definition
Main Functions of TCB
Process Activation
Execution Domain Switching
Security Perimeter
Evaluation
System Protection - Reference Monitor
Security Kernel Requirements
Tying Concepts Together
Agenda 6

Security Levels
MAC Modes
Modes of Operation
MAC Modes (Cont.)
Agenda 7
Enterprise Architecture
Objectives
Without an Enterprise Security Architecture
Can’t Just Wing It
Just Right
Breaking Down the Components
Strategic Alignment
Business Enablement
Process Enhancement
Process Enhancement Requires…
Security Foundation
Security Effectiveness
Are We Doing it Right?
Integration of Components
How Do We Do All of This?
Security Enterprise Architecture
Industry Model
Security Roadmap
Trust Zones
Infrastructure Level
Application Layer
Component Layer
Business Process Layer
Holistic Security
Agenda 8
Access Control Models
Policy versus Model
State Machine
Information Flow
Information Flow Model
Bell-LaPadula
Rules of Bell-LaPadula
Rules Clarified
Tranquility Types
Biba
Definition of Integrity
Biba Access Rules
Clark-Wilson
Goals of Model
Clark-Wilson Components
Clark-Wilson (Cont.)
Clark-Wilson Model
Non-Interference Model

Lattice-Based Access Control
Lattice Approach
Understanding Lattice
Access Control Matrix Model
Access Control Matrix
Brewer and Nash Model – Chinese Wall
Brewer and Nash
Take-Grant Model
Graham-Denning Model
Agenda 9
Trusted Computer System Evaluation Criteria (TCSEC)
TCSEC
TCSEC Rating Breakdown
Evaluation Criteria - ITSEC
ITSEC Ratings
ITSEC – Good and Bad
Common Criteria
Common Criteria Standard
Security Functional Requirements
Security Assurance Requirements
Common Criteria Components
Common Criteria Requirements
Package Ratings
Common Criteria Outline
Certification Versus Accreditation
Domain 5 Review

Domain 6 - Law, Investigation and Ethics 1h 10m
Law, Investigation and Ethics
Not Just Fun and Games
Agenda
Examples of Computer Crimes
Who Perpetrates These Crimes?
Types of Motivation for Attacks
A Few Attack Types
Dumpster Diving
Telephone Fraud
Privacy of Sensitive Data
Privacy Issues – U.S. Laws as Examples
European Union Principles on Privacy
Routing Data Through Different Countries
Employee Privacy Issues
Agenda 1
Civil Law
Criminal Law
Administrative Law
U.S. Federal Laws

Trade Secret
Copyright
More Intellectual Property Laws
Software Licensing
Software Piracy
Digital Millennium Copyright Act
Agenda 2
Computer Crime and Its Barriers
Countries Working Together
Worldwide Cybercrime
Security Principles for International Use
Determine if a Crime Has Indeed Been Committed
Bringing in Law Enforcement
Citizen versus Law Enforcement Investigation
Investigation of Any Crime
Role of Evidence in a Trial
Evidence Requirements
Chain of Custody
How Is Evidence Processed?
Hearsay Evidence
Hearsay Rule Exception
Agenda 3
Preparing for a Crime Before It Happens
Incident Handling
Evidence Collection Topics
Computer Forensics
Hidden Secrets
Trying to Trap the Bad Guy
Companies Can Be Found Liable
Sets of Ethics
(ISC)2
Computer Ethics Institute
Internet Architecture Board
Domain 6 Review

Domain 7 - Telecommunications and Networking 6h 55m
Telecommunications and Networking
Agenda 1
OSI Model
OSI Layers
Networking Communications
An Older Model
Data Encapsulation
Application Layer
OSI – Application Layer
Presentation Layer
OSI – Presentation Layer
OSI – Session Layer

Client/Server Model
Client/Server Session Layer
Transport Layer
Transport Layer Analogy
Transport Protocols
OSI – Network Layer
Here to There
Network Layer
OSI – Data Link
Data Link
Sublayers
OSI – Physical Layer
Physical Layer
Layers Working Together
Protocols at Each Layer
Devices Work at Different Layers
Types of Networks
Network Topologies – Physical Layer
Topology Type – Bus
Topology Type – Ring
Topology Type – Star
Network Topologies – Mesh
Mesh Topologies
Summary of Topologies
Agenda 2
LAN Media Access Technologies
Media Access
One Goal of Media Access Technologies
Collision Domain
Back Off, Buddy
Carrier Sense Multiple Access
CSMA/Collision Avoidance (CSMA/CA)
Media Access Technologies – Ethernet
Media Access Technologies – Token Passing
Token’s Role
Other Technologies
Media Access Technologies – Polling
Agenda 3
Cabling Types – Coaxial
Coaxial
Cabling Types – Twisted Pair
Cable Types
Types of Cabling – Fiber
Multimode vs. Single Mode
Signal and Cable Issues
Signaling Issues
Transmission Types – Analog and Digital

Transmission Types – Synchronous
Asynchronous
Transmission Types – Baseband
Transmission Types – Broadband
Cabling Issues – Plenum-Rated
Transmission Types – Number of Receivers
Internet Group Management Protocol
Multicasting
Network Technologies
Extranet
Network Technologies (Cont.)
EDI Evolution
Networking Devices
Network Device – Repeater
Network Device – Hub
Networking Device – Bridge
Forwarding Table Example
Network Devices – Switch
Virtual LAN
VLAN
Interfaces and VLANs
Sniffers
Networking Devices – Router
Hops
Routers
Bridges Compared to Routers
Network Devices – Gateway
Agenda 4
Port and Protocol Relationship
Client Ports
Conceptual Use of Ports
TCP/IP Suite
Multi-layer Protocols
UDP versus TCP
TCP Segment
SYN Flood
Teardrop Attack
Source Routing
Source Routing Types
IP Address Ranges
IPv6
Protocols
Protocols – ARP
IP to MAC Mapping
How ARP Works
ARP Poisoning
ICMP Packets

A Way Hackers Use ICMP
Ping Steps
Protocols – SNMP
SNMP in Action
SNMP
SNMP Output
POP3 and SMTP
Protocols – SMTP
Mail Relay
Protocols – FTP, TFTP, Telnet
Protocols – RARP and BootP
DHCP – Dynamic Host Configuration Protocol
Agenda 5
Networking Device – Bastion Host
Network Configurations
DMZ Configurations
Firewall Comparisons
Network Devices – Firewalls
Firewall Types – Packet Filtering
Packet Filtering Firewall
Packet Filtering Firewall Weaknesses
Packet Filtering
Rule Set Example
Firewall Types – Proxy Firewalls
Firewall Types – Circuit-Level Proxy Firewall
Circuit-Level Proxy
Firewall Types – Application-Layer Proxy
Application-Layer Proxy Advantages
Application-Layer Proxy Disadvantages
Dedicated Proxy Servers
Firewall Types – Stateful
State Table
Compare
Firewall Types – Kernel Proxies
Firewall-based VPN Devices
Best Practices
Firewall Placement
Packet Filtering (Cont.)
Screened Host
Firewall Architecture Types – Multi- or Dual-Homed
Screened Subnet
Agenda 6
Dial-Up Protocols and Authentication Protocols
Dial-Up Protocol – SLIP
Dial-Up Protocol – PPP
PPP
PPP versus SLIP
Authentication Protocols – PAP

Authentication Protocols – CHAP
Authentication Protocol – EAP
Data Inspection
Virtual Private Network Technologies
What Is a Tunneling Protocol?
Analogy
Examples
Tunneling Protocols – PPTP
Tunneling Protocols – L2TP
L2TP Encapsulation
Tunneling Protocols – IPSec
IPSec Basic Features
IPSec Transport Mode
IPSec Tunnel Mode
Security Associations (SAs)
Combining SAs
Iterated Tunnelling
Agenda 7
SDLC and HDLC
Layer 3 at Layer 2
MPLS
Multiprotocol Label Switching
Quality of Service (QoS)
QoS Services
Autonomous Systems
Routing Protocols
Routing
Routing Protocols (Cont.)
OSPF
OSPF Packet Values
IGRP
BGP
Routing Protocol Attacks
Metropolitan Area Network Technologies
MAN Technologies – FDDI
FDDI
SONET Rings
MAN Technologies – SONET
Connecting Networks
Network Services
Network Service – DNS
DNS Server Structure
Name Resolving Steps
Split DNS
Host Name Resolution Attacks
Network Service – NAT
Types of NAT
PAT

NIS
Storing Data
NIS+ Authentication
Agenda 8
WAN Technologies Are Circuit or Packet Switched
PSTN
Connecting to the PSTN
Circuit Switching
Steps of Connections
Multiplexing
Types of Multiplexing
TDM Process
Statistical Time Division Multiplexing
FDM
FDM Process
Packet Switching
Circuit versus Packet Switching
WAN Technologies – Packet Switched
WAN Technologies – X.25
X.25
WAN Technologies – Frame Relay
WAN Example
Frame Relay
PVC and SVC
WAN Technologies – ATM
Cell Switching
Wide Area Network Technologies
Dedicated Lines
WAN Technologies – ISDN
On-Demand
ISDN Service Types
WAN Technologies – DSL
DSL
ADSL
SDSL
WAN Technologies – Cable Modem
Cable Modems
Cable Network
Satellites
Hybrid Connection
Satellite Coverage
Satellite Supplying Different Subscribers
Network Perimeter Security
Complexity only Increases
A Layered Approach
Agenda 9
Traditional Voice Network
PSTN (Cont.)

Private Branch Exchange
PBX Vulnerabilities
PBX Best Practices
IP Telephony
Voice Over IP
Combination of Old and New
IP Telephony Components
Media Gateways
PBX and VoIP
Voice over…
IP Telephony Issues
Telephony Protection Mechanisms
Telephony Security
IP Telephony with Wireless
IP Phones Security
Mobile Technology Generations
Mobile Phone Security
Mobile Device Security
Cell Phone
Agenda 10
Wireless Technologies – Access Point
Wireless Frequencies
Alphabet Soup of Standards
Spread Spectrum
OFDM
Where does Spread Spectrum Work?
802.11n
Wireless Technologies – Access Point (Cont.)
Architectures
Wireless Technologies – Service Set ID
Authenticating to an AP
802.11 Authentication
Wireless Technologies – WEP
WEP Problems
Wireless Technologies – More WEP Woes
Lack of Integrity
WEP Security Issues
Frequency Management
802.11 Security Solutions
802.1x
802.1x Authentication
Types of 802.11 Security
IEEE 802.11i Standard
Wireless EAP
Wireless Technologies – Common Attacks
Wireless Technologies – War Driving
NetStumbler Example
Wireless Reconnaissance Output

Warchalking
Countermeasures
Wireless Attacks
Wormhole Attack
Wireless Technologies – WAP
Wireless Technologies – WTLS
i-mode
Bluetooth
Instant Messaging
IM Threats
IM Countermeasures
IM Secure Infrastructure
Domain 7 Review

Domain 8 - Business Continuity 2h 42m
Business Continuity
Needs for BCP
Is Your Organization Prepared?
Is Your Company Prepared?
9/11 Changed Mentalities About BCP
Disaster Affected Many
America is Rebuilding
Partial FEMA Disaster List for 2005
Do We Have a Plan?
DRP Focus
BCP Focus
Comparing the Two
What is the Purpose of a BCP?
More Reasons to Have Plans in Place
Framework
BCP is a Core Component of Every Security Program
Steps of BCP Process
Different BCP Model
Documentation
Documentation and Approval
BCP Policy Outlines
BCP Policy Sample
Who is In Charge and Who Can We Blame?
What’s Needed in a Team?
BCP Development Team
Project Sizing
Properly Determining Scope is Important
BCP Risk Analysis Steps
BIA Steps
Data Gathering
Information from Different Sources
Analysis

Critical Functions
How to Identify the Most Critical Company Functions
Interdependencies
Well, of Course an Organization Knows How it Works!
Business Silos
Understanding the Enterprise
BIA Steps (Cont.)
Identifying Functions’ Resources
Who Connects to Who?
BIA Steps (Cont..)
Maximum Tolerable Downtime
MTD
Example MTD Definitions
BIA Steps (Cont...)
Range of Threats to Consider
Thinking Outside of the Box
What if….
Biological Threats
BIA Steps (Cont….)
Potential Disasters
Risk Approach
Ranking by Risk Level
Potential Losses
Include all RISK Components
What Have We Completed Up to Now?
BIA Steps (Cont…..)
Recovery Strategies
Alternate Business Process Procedures
Business Process Reconstruction
Recovery Strategies (Cont.)
Facility Recovery
Facility Backups – Hot Site
Facility Backups – Warm Site
Facility Backups – Cold Site
Compatibility Issues with Offsite Facility
Tertiary Sites
Subscription Costs
Multiple Processing Centers
Location, Location, Location
Choosing Site Location
Other Offsite Approaches
Security Does Not Stop
More Options
Rolling Hot Site
Recovery Strategies (Cont..)
Supply and Technology Recovery
VoIP
Equipment Replacement

What Items Need to Be Considered?
Priorities
Anything Else?
Replacements
Executive Succession Planning
Recovery Strategies (Cont...)
User Environment Recovery
Recovery Strategies (Cont….)
Data Recovery Technologies
Co-Location
Data Recovery
Backup Redundancy
Recovering Data
Automated Backup Technologies
Tape Vaulting
Data Recovery (Cont.)
Clustering for Fault Tolerance
Clustering
Disk or Database Shadowing
Which Option to Use
Cost Effective Measures
Resources, Time, Solutions
Determining Recovery Solutions
Cost and Recovery Times
Proactive
BIA Steps (Cont…...)
Recovery Solutions
Preventative Measures
Reviewing Insurance
Results from the BIA
Now Ready to Develop the Plan
Basic Structure of BCP
Products That Can Help
Plan Components
Teams to Be Developed
External Groups
Policy Components
Activation Phase
Damage Assessment
Notifying Personnel
Plan Activation
Emergency Response
Policy Components (Cont.)
Next Phases
Recovery Procedures
Documentation of Recovery Steps
Policy Components (Cont..)
Reconstitution Phase

Reconstitution Items
Returning to Original Facility
Who Goes First?
Disaster Hit – Now What?
Termination of BCP
Life Cycle
Who Has the Plan?
Backup of the Backup Plan
Results
Types of Tests to Choose From
Test Objectives
Training Requirements
Lessons Learned
What Is Success?
Out of Date?
BCP Plans Commonly and Quickly Become Out of Date
Keeping it Current
Change Control
Resulting Plan Should Contain…
Phases of the BCP
Domain 8 Review

Domain 9 - Application Security 3h 27m
Application Security
How Did We Get Here?
Why Are We Not Improving at a Higher Rate?
Usual Trend of Dealing with Security
Where to Implement Security
Agenda 1
Software Development Tools
CASE Tools
New Paradigm of Coding
Security Issues
Language Types
Turn into Machine Code
New and Old
Object-Oriented Programming
Classes and Objects
Objects
Object Characteristics
Functions and Messages
Encapsulation
Modularity of Objects
Object-Oriented Programming Characteristic
Polymorphism
Another Characteristic of OOP
Module Characteristics
Low Cohesion

Levels of Cohesion
Coupling
Agenda 2
Distributed Computing
Distributed Computing – ORBs
Common Object Request Broker Architecture
COM Architecture
DCOM Architecture
Enterprise Java Beans
J2EE Platform Example
Linking Through COM
Mobile Code with Active Content
World Wide Web
OLE
ActiveX Security
Java and Applets
Sandbox
Java and Bytecode
Agenda 3
Database Systems
Database Model
Timeline
Hierarchical Database
Network Database
Object-Oriented Database
Benefits of OO Database Model
Object Relational Database
Relational Database
Database Models – Relational Components
Relational Database Entities
Primary Key
Foreign Key
Database Integrity
Different Modeling Approaches
Database Access Methods
Accessing Databases
ODBC
OLE DB
OLE DB Database Access
ActiveX Data Objects (ADO)
Java Database Connectivity
Database Connectivity
eXtensible Markup Language
XML Database
Agenda 4
Database Security Mechanisms
Databases are Busy Beasts
Rollback Control
Checkpoint Control

Checkpoint Protection
Lock Controls
Deadlock Example
Two-Phase Commit
Lock Controls Help to Provide ACID
Inference Attack
Database View Control
Common Components
Agenda 5
Data Warehousing
Warehouse Creation
Using a Data Warehouse
Metadata
Database Component
Data Mart
Potential Malicious Traffic Tunneling through Port 80
URL Interpretation
Common Database Attacks
Agenda 6
OLTP
Online Transaction Processing
OLTP Requirements
Online Analytical Processing
Knowledge Management
Knowledge Components
HR Example
Knowledge Discovery in Databases
Data Mining
Approaches to Knowledge Management
Expert Systems
Expert System Components
Artificial Neural Networks
Data, Information, Knowledge
Comparing Types
Agenda 7
Software Development Models
System Life Cycle
Project Development – Phases I and II
Project Development – Phases III and IV
Phase V
Project Development – Phases VI and VII
Testing Types
Levels of Tests
Data Contamination Controls
Best Practices for Testing
Test for Specific Threats
Verification versus Validation
Evaluating the Resulting Product

Agenda 8
Controlling How Changes Take Place
Change Control Process
Administrative Controls
Agenda 9
Common Information Flow
Vulnerabilities at Different Layers
Tier Approach and Communication Components
Tiered Network Architectures
Sensitive Data Availability
Cookies
Find Out Where You Have Been
Pulling Data
Web Server Error Pages
Steps of Interaction
Provide the Hackers with Tools
Common Web Server Flaws
Improper Data Validation
Uniform Resource Locator (URL)
Directory Traversal
Buffer Overflow
Cross-Site Scripting Attack
Common SQL Injection Attack
Attacking Mis-configurations
CGI Information
Logging Activities
Are ALL Patches Applied?
Microsoft Example
Best Practices
Authorize Access
Isolation for Protection
Authentication
Protecting Traffic
Maintain Server Software
Common Issues
Best Practices
Agenda 10
Rolling ‘em Out
Patching Issues
Agenda 11
Virus
Boot Sector Invasion
Few Other Types
Types of Viruses
How Do They Work?
More Malware
Trojans
Blended Malware
A Back Orifice Attack!

NetBus
Hoaxes
Agenda 12
Malware Protection Types
Signature Scanning
Monitoring Activities
Monitoring for Changes
More Bad Stuff
Attack Characteristics
Disclosing Data in an Unauthorized Manner
Covert Storage Channel
Covert Timing Channel
Circumventing Access Controls
Attacks
TOC/TOU Examples
Attack Type – Race Condition
Attacking Through Applications
How Buffers and Stacks Are Supposed to Work
How a Buffer Overflow Works
Watching Network Traffic
Traffic Analysis
Functionally Two Different Types of Rootkits
Examples of Trojaned Files
Domain 9 Review

Domain 10 - Operations Security 2h 16m
Operations Security
Computer Operations
Operations Security Involves
What Do We Have?
Hardware Protection
Licensing Issues
Software Installation
ITIL – Problem Management
Problem Management
Areas of Problem Management
Problem Management
Procedures for Processing Problems
Higher Level Look
Data Output Controls
Administrative Controls
Personnel Controls
Non-Employees
Security Operations Personnel
Change Control
Configuration Management
Another Example
Agenda 1
Resource Protection
Library Maintenance

Media Labels
Media Controls
Software Escrow
Media Reuse
Weak Link
Liabilities of Insecure Disposal of Information
Devastating to the Company
Results of Data Leakage
Object Reuse
Safe Disposal
Degaussing
Zeroization
Physical Destruction
Remaining Data
Purging
Why Not Just Delete the Files?
Formatting Media
Mainframes
Agenda 2
Different Types of Backups
Backups
HSM
Off-Line
Backup Types
Incremental Backup
Incremental
Differential Backup
Differential
Backup Protection
Continuous Threat
Agenda 3
Devices Will Fail
Mean Time Between Failure
Mean Time to Repair
Single Point of Failure
Countermeasures
Redundant and Fault Tolerance
Mirroring Data
Disk Duplexing
Direct Access Storage Device
Redundant Array of Independent Disks
Massive Array of Inactive Disks (MAID)
Redundant Array of Independent Tapes (RAIT)
Serial Advanced Technology Architecture
SAN
Fault Tolerance
Network Redundancy
Mesh Network

Redundancy Mechanism
Backup Configuration Files
Some Threats to Computer Operations
Trusted Recovery of Software
After System Crash
Security Concerns
Agenda 4
Contingency Planning
Agenda 5
Remote Access Security
Authentication
Remote Access
Administering Systems Remotely
Facsimile Security
Securing Data in Motion
Support Systems
Agenda 6
Before Carrying Out Vulnerability Testing
Testing for Vulnerabilities
Vulnerability Assessments
Security Testing Issues
Vulnerability Scanning
Basic Scanner
More Functionality
Data Leakage – Keystroke Logging
Looking at Keystrokes
Password Cracking
One of Many Tools
War Dialing
PhoneSweep
Wardialing Output
Detailed PhoneSweep Output
War Driving
Wireless Reconnaissance Output
Wireless Reconnaissance
Wireless Attacks
MAC Filtering
Penetration Testing
Testing Steps
Testing Methodology
Automated Pen Testing Tools
Canvas Operation
Penetration Testing
Automated Pen Testing Tools
Core Impact Operation
Post-Testing and Assessment Steps
Penetration Testing Variations
Types of Testing
Protection Mechanism – Honeypot
Log Reviews

Domain 10 Review
Course Closure

Total Duration: 35 hrs 09 min