
Security Engineering - Western Governors University - CISSP 101 Notes - Domain 3 - EDT_JAN18


Security Engineering

Security engineering makes up the third domain of the CISSP examination and it is also the second largest in terms of the number of covered topics; however, it has the most slides ... (364) to review.

Security engineering is defined as the practice of building information systems and related architecture that continue to deliver the required functionality in the face of threats that may be caused by malicious acts, human error, hardware failure and natural disasters. Security engineering is the natural expression of the underlying security principles (confidentiality, integrity and availability) and involves the incorporation and integration of security controls, behaviors and capabilities into information systems and the enterprise architecture.

CISSP candidates will be tested on:
■ Their ability to implement and manage security engineering processes using secure design principles.
■ Their understanding of the fundamental concepts of security models, and their ability to develop design requirements based on the organization's requirements and security policies, as well as to select the controls and countermeasures that will satisfy those design requirements.

All of this is made possible by the security professional's in-depth knowledge and understanding of the security limitations and capabilities of information systems. Information security professionals must continuously assess and mitigate vulnerabilities in security architectures, designs and solution elements. Individual topics covered under this task include:
• client- and server-side vulnerabilities,
• database security,
• distributed systems and cloud security,
• cryptographic systems and industrial controls,
• web application vulnerabilities,
• mobile devices and embedded systems.

D3 P2 v.01_2018

Cryptography involves the protection of information, both in motion and at rest, by altering the information to ensure that its integrity, confidentiality and authenticity are protected. CISSP candidates will be tested on general cryptographic concepts, the cryptographic lifecycle, cryptographic systems, public key infrastructure, key management practices, digital signatures, and digital rights management (DRM). Candidates must also have a thorough understanding of cryptanalytic attack vectors, including:
• social engineering,
• brute force,
• ciphertext only,
• known plaintext,
• frequency analysis,
• chosen ciphertext and
• implementation attacks.

Security engineering is not limited to information systems development. Additional topics in the security engineering domain include:
• application of secure design principles,
• site and facility design and
• physical security.

Implement and Manage an Engineering Life Cycle Using Security Design Principles

SLIDE 9: Systems Engineering Models and Processes
Systems engineering models and processes usually organize themselves around a life cycle. The International Council on Systems Engineering (INCOSE) is a widely recognized representation of classical systems engineering. ISO/IEC 15288:2008 is an international systems engineering standard covering processes and life cycle stages. It defines a set of processes divided into four categories:
■ Technical
■ Project
■ Agreement
■ Enterprise
Example life cycle stages can include concept, development, production, utilization, support, and retirement.

SLIDE 10: The V-model
While the detailed views, implementations, and terminology used to articulate the systems engineering life cycle differ, they all share fundamental elements, depicted by the V-model. The left side of the V represents concept development and the decomposition (or breakdown) of requirements into functions and physical entities that can be drafted, designed, and developed (think: blueprint to production). The right side of the V represents the integration of these entities and their ultimate transition into the environment where they will be operated and maintained (think: integration and management).

SLIDE 11: Key System Engineering Technical Process Topics
Iterative cycles, skipped phases, and overlapping elements often occur within a life cycle. Additionally, important processes and activities will affect more than one phase in the system life cycle. Risk identification and management is one example of such a cross-cutting process.
■ Requirements Definition
■ Requirements Analysis
■ Architectural Design
■ Implementation
■ Integration
■ Verification
■ Validation
■ Transition

SLIDE 12: Key System Engineering Technical Process Topics (continued)
■ Decision Analysis
■ Technical Planning
■ Technical Assessment
■ Requirements Management
■ Risk Management
■ Configuration Management
■ Interface Management
■ Technical Data Management

SLIDE 13: Layered Protection
Securing information and systems against the full spectrum of threats requires the use of multiple, overlapping protection approaches addressing the people, technology, and operational aspects of information systems. This is due to the highly interactive nature of various systems and networks, and the fact that no system can be adequately secured unless all interconnecting systems are also secured. By using multiple overlapping protection mechanisms, the failure or circumvention of any individual protection mechanism will not leave the entire system unprotected. Through user training and awareness, well-crafted policies and procedures, and redundancy of protection mechanisms, layered protections enable effective protection of information technology for the purpose of achieving the required security architecture objectives. This will be compared against the enterprise's appetite for risk.

SLIDE 14: Generally Accepted Principles and Practices for Securing Information Technology Systems (NIST SP 800-14)
NIST SP 800-14 provides a foundation upon which organizations can establish and review information technology security programs. SP 800-14 identifies 8 principles and 14 practices that provide an organizational-level perspective for information technology security.

SLIDE 15: Common Criteria
The Common Criteria provides a structured methodology for documenting security requirements, documenting and validating security capabilities, and promoting international cooperation in the area of IT security. Use of the Common Criteria "protection profiles" and "security targets" greatly aids in the development of products and systems that manage IT security functions. CC will be discussed in more detail later in the course.

SLIDE 16: NIST SP 800-27
In order to come up with an approach that is consistent and offers the proper level of guidance, NIST compiled a set of engineering principles for system security. These principles are detailed in NIST SP 800-27 Rev A, Engineering Principles for Information Technology Security (A Baseline for Achieving Security).

The five life cycle planning phases used in NIST SP 800-27 Rev A are defined in the Generally Accepted Principles and Practices for Securing Information Technology Systems, SP 800-14 (SLIDE 14):
■ Initiation: During the initiation phase, the need for a system is expressed and the purpose of the system is documented. Activities include:
  • conducting an impact assessment in accordance with FIPS-199.
■ Development/Acquisition: During this phase, the system is designed, purchased, programmed, developed, or otherwise constructed. This phase often consists of other defined cycles, such as the system development cycle or the acquisition cycle. Activities include:
  • determining security requirements,
  • incorporating security requirements into specifications, and
  • obtaining the system.
■ Implementation: During implementation, the system is tested and installed or fielded. Activities include:
  • installing/turning on controls,
  • security testing,
  • certification, and
  • accreditation.
■ Operation/Maintenance: During this phase, the system performs its work. Typically, the system is also being modified by the addition of hardware and software and by numerous other events. Activities include:
  • security operations and administration,
  • operational assurance, and
  • audits and monitoring.
■ Disposal: Involves the disposition of information, hardware, and software. Activities include:
  • moving, archiving, discarding, or destroying information, and
  • sanitizing the media.

SLIDE 17: NIST SP 800-27 Rev A Security Categories
NIST SP 800-27 Rev A creates 33 IT security principles that are grouped into the following six categories:
■ Security Foundation
■ Risk Based
■ Ease of Use
■ Increase Resilience
■ Reduce Vulnerabilities
■ Design with Network in Mind
The 33 NIST principles help illustrate the scope and depth of the security design principles that need to be interlaced into every engineering life cycle, in order to appropriately identify and address the various areas of concern with regard to confidentiality, integrity, and availability.

SLIDE 18: Characteristics of Security Architectures
Security architectures provide the following:
■ Discrete (or individually separate) security methodologies
■ Discrete views and viewpoints
■ They address non-normative flows throughout systems and among applications
■ They introduce their own normative flows throughout systems and among applications
  Normative - defined as establishing, relating to, or deriving from a standard or norm, especially of behavior.
■ They introduce unique, single-purpose components in the design
■ They call for / introduce their own unique set of skills and capabilities into the enterprise and IT architectures

Secure Life Cycle Frameworks
You need to understand how to identify the key issues and concerns that the engineering life cycle must address for the enterprise. Once they are identified, they must be clearly defined and agreed upon by the stakeholders in the enterprise.
Stakeholder - a person with an interest or concern for the business.
When the stakeholders have agreed upon the framework that will be used, security design principles can be used by the architect to ensure that all known and identified threats, vulnerabilities, and risks have been addressed as part of the security architecture that will be included in the life cycle.

SLIDE 19: ISO/IEC 21827:2008 - The Systems Security Engineering Capability Maturity Model (SSE-CMM)
The SSE-CMM is just one example of a secure life cycle framework; it describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering. ISO/IEC 21827:2008 does not prescribe a particular process or sequence, but captures practices generally observed in industry. The model is a standard metric for security engineering practices that cover the following:
■ The entire life cycle, including development, operation, maintenance, and decommissioning activities
■ The whole organization, including management, organizational, and engineering activities
■ Concurrent interactions with other disciplines, such as system, software, hardware, human factors, and test engineering; system management, operation, and maintenance
■ Interactions with other organizations, including acquisition, system management, certification, accreditation, and evaluation

Understand Fundamental Concepts of Security Models

SLIDE 23: Common System Components: Processors
When the CPU requires data, it retrieves it from memory. The retrieval process is referred to as fetching, and the information fetched from memory is referred to as instructions. Next, the CPU decodes the instructions. Next, it executes the instructions (e.g., calculating numbers). Next, it stores the results of the instructions. The cycle repeats until there are no further instructions to be executed.
Fetch > Decode > Execute > Store

SLIDE 24: Increasing Performance
One way to take advantage of the capabilities of a processor is to split programs into multiple, cooperating processes. A multitasking system switches from one process to another very quickly to speed up processing. Another way higher performance can be achieved is by increasing the number of processors in a system, where each processor can assume some of the load. This type of system is called a multiprocessing system. Another common way to get higher performance is to split programs into threads. Multithreading is the concept whereby the OS time-slices the threads: it gives one thread some time on the CPU, then switches to another thread and lets it run for a while, repeating the process until it is finished.
It is vital that the system provide a way to protect multiple processes, tasks, and threads from other processes/tasks/threads that may contain bugs or demonstrate unfriendly actions.
NOTE: Techniques need to be implemented to measure and control resource usage. If this type of functionality is not available, an assigned task might be able to seize enough memory to result in a denial-of-service attack, a crash, or reduced system responsiveness.

SLIDE 25: Processor Security Features
Key features that processors should have in order to address security concerns at multiple levels include:
■ Tamper detection sensors
■ Cryptographic acceleration (accelerator)
■ Battery-backed logic with a physical mesh
■ The ability to customize a device with secure boot capabilities
■ Secure memory access controller with on-the-fly encrypt and decrypt capabilities
■ Simple and differential power analysis (SPA/DPA) countermeasures
■ Smart card UART controllers
UART - Universal Asynchronous Receiver/Transmitter - is a microchip with programming that controls the computer's interface to its attached serial devices.

SLIDE 26: Virtualization and CPU Security
We must address the question of how cloud-based solutions such as Desktop as a Service (DaaS), and more broadly virtualization, will impact the discussions surrounding CPU security. It is important to be aware of these issues and take them into account when planning architectures.

For example, in June of 2012, Vulnerability Note VU#649219 was logged and released by the US-CERT. The vulnerability report was titled: "SYSRET 64-bit operating system privilege escalation vulnerability on Intel CPU hardware." The following is an excerpt from the Vulnerability Note:

Overview: Some 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack.
Privilege escalation - the act of exploiting a bug, design flaw or configuration oversight in an OS or software application to gain elevated access to resources that are normally protected from an application or user.
The vulnerability may be exploited for local privilege escalation or a guest-to-host VM escape. Intel claims that this vulnerability is a software implementation issue, as their processors are functioning as per their documented specifications. However, software that fails to take the Intel-specific SYSRET behavior into account may be vulnerable.

Description: A ring3 attacker (an attacker running unprivileged user-mode code) may be able to specifically craft a stack frame to be executed by ring0 (the kernel) after a general protection exception (#GP). The fault will be handled before the stack switch, which means the exception handler will be run at ring0 with the attacker's chosen RSP (the x86-64 stack pointer register), resulting in a privilege escalation.

Impact: A locally authenticated attacker may exploit this vulnerability for operating system privilege escalation or for a guest-to-host virtual machine escape.

Preview 1 out of 151 pages
Uploaded On: Aug 05, 2021
Seller: Cheryshev