CISSP Study Group/Blog
Help Me Build a Good Reference Guide
Dec 25th
Cables
| STANDARD | CABLE | MAX SEGMENT LENGTH | TOPOLOGY |
| 10Base5 | 50-ohm thick coax (Thicknet) | 500 meters | Bus |
| 10Base2 | 50-ohm RG-58 A/U coax (Thinnet) | 185 meters | Bus |
| 10BaseT | Cat 3 UTP (or better) | 100 meters | Star |
| 100BaseTX | Cat 5 UTP (or better) | 100 meters | Star |
| 1000BaseT (Gigabit Ethernet) | Cat 5e UTP (or better) | 100 meters over copper (fiber variants differ) | Star |
| CATEGORY | NAME | SPEED | NETWORK |
| Cat 1 | Not suitable for data communications (voice only). | | |
| Cat 2 | Not suitable for networks, but may be used to connect terminals to mainframes. | | |
| Cat 3 | 10BaseT | 10 Mbps | Ethernet |
| Cat 4 | | 16 Mbps | Token Ring |
| Cat 5 | 100BaseTX | 100 Mbps | Ethernet |
| Cat 5e | 1000BaseT | 1 Gbps | Ethernet |
| Cat 6 | 1000BaseT (10GBaseT on runs up to 55 meters) | 1 Gbps (10 Gbps on short runs) | Ethernet |
| Cat 7 | 10GBaseT | 10 Gbps | Ethernet |
ACCESS MEDIA TYPES
| BASEBAND | BROADBAND |
| Digital signaling | Analog signaling |
| No frequency-division multiplexing (the entire bandwidth of the cable carries one signal) | Frequency-division multiplexing (several channels share the cable and are separated with a splitter, such as a DSL filter) |
| Bi-directional transmission on the one channel | Each channel is unidirectional; a separate channel is used for each direction |
| Signal travels short distances | Signal travels long distances |
| EXAMPLES OF BASEBAND TRANSMISSION PROTOCOLS: Ethernet (10BaseT, 100BaseTX) | EXAMPLES OF BROADBAND TRANSMISSION PROTOCOLS: the DSL family, cable modem service |
|
o ADSL (Asymmetric DSL): faster downstream (1-9 Mbps) than upstream (16-784 Kbps); the usual residential service, since users download far more than they upload.
o SDSL and HDSL (Symmetric / High-bit-rate DSL): the same rate in both directions (about 1.5 Mbps, T1 speed).
o VDSL (Very-high-bit-rate DSL): much higher speeds, but only over a much shorter distance from the provider's equipment.
|
Access Media Cabling
| CABLE TYPE | DESCRIPTION |
| FIBER – LOCAL LOOP | Transmission on fiber optic wire requires repeating at distance intervals. The glass fiber requires more protection within an outer cable than copper does. For these reasons, and because the installation of any new wiring is labor-intensive, few communities yet have fiber optic cables from the phone company's branch office to local customers (the local loop). |
| FIBER – MULTI-MODE/SINGLE-MODE | 1. Multi-mode: wider core, usually driven by an LED; the light takes several paths (modes) through the core, so it is limited to shorter distances. 2. Single-mode: narrow core driven by a laser; the light takes a single path, so it travels much greater distances. Both are normally installed as a pair of strands, one for each direction. |
| COAX – COAXIAL | Called "coaxial" because it includes one physical channel that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running along the same axis. The outer channel serves as a ground and shields the inner conductor. Many of these cables, or pairs of coaxial tubes, can be placed in a single outer sheathing and, with repeaters, can carry information for a great distance. |
| UTP – TWISTING | The fundamental difference between category 3 and category 5 is how tightly the copper pairs are twisted. This tightness (the specification) determines the cable's resistance to interference (crosstalk and EMI), the allowable distance between two points, and the maximum speed before attenuation affects the signal. |
Network Media Access Standards
| 802.3 | Ethernet (10 Mb; 802.3u = 100 Mb Fast Ethernet; 802.3ab = 1 Gb over copper) |
| 802.3ae | 10 Gb Ethernet |
| 802.4 | Token Bus |
| 802.5 | Token Ring. FDDI (Fiber Distributed Data Interface) is a separate ANSI standard: a token-passing dual ring over fiber, so it resembles 802.5, not the 802.4 token bus. |
Network Transmission Methods
| ASYNC/SYNC | Asynchronous communication transfers data bits sequentially with start and stop bits framing each character and no shared clock (as used with modems and dial-up remote access), whereas synchronous communication sends data according to a timing signal that occurs at regular intervals shared by both ends. |
| UNICAST | Type of address that is addressed to one host. |
| MULTICAST | Type of address that is addressed to a group of hosts that have joined it. |
| BROADCAST | Type of address that is addressed to all hosts on the segment. |
| ANYCAST | Type of address that has been assigned to more than one interface (one IP on multiple NICs); a packet is delivered to the nearest one. Defined for IPv6, and also used in IPv4 for services such as DNS root servers. |
Network Data Element Terms
| Ethernet frame | A single unit of Ethernet data at the data link layer; Ethernet is a frame-based network technology. |
| TCP segment | A single unit of TCP data at the transport layer. |
| IP datagram | A single unit of IP data at the network layer. |
| Packet | Generic term for a unit of data at any layer; strictly, the network-layer unit (an IP packet or datagram). When the exam asks for the "single unit" of a specific protocol, answer with that layer's term: frame (Ethernet), datagram (IP), segment (TCP). |
IP Class Ranges / Reserved IPs
| CLASS | RANGE | NETWORK / HOST SPLIT | HOSTS PER NETWORK |
| Class A | 0.0.0.0 - 127.255.255.255 (first bit 0) | First byte (octet) = network, remaining three bytes (octets) = host | about 16 million (16,777,214 usable) |
| Class B | 128.0.0.0 - 191.255.255.255 (first bits 10) | First two bytes = network | about 65 thousand (65,534 usable) |
| Class C | 192.0.0.0 - 223.255.255.255 (first bits 110) | First three bytes = network | 254 usable |
| Class D | 224.0.0.0 - 239.255.255.255 (first bits 1110) | Used for multicast traffic | |
| Class E | 240.0.0.0 - 255.255.255.255 (first bits 1111) | Reserved for future / experimental use | |
Reserved and special-purpose ranges:
1. 169.254.0.0/16 (169.254.0.0 - 169.254.255.255) -> APIPA (Automatic Private IP Addressing), also called link-local; a host assigns itself one of these when no DHCP server answers.
2. 127.0.0.0/8 (127.0.0.1 is the usual address) -> Loopback.
3. 10.0.0.0/8 (10.0.0.0 - 10.255.255.255) -> Private addressing (RFC 1918), internal networks.
4. 172.16.0.0/12 (172.16.0.0 - 172.31.255.255) -> Private addressing (RFC 1918), internal networks.
5. 192.168.0.0/16 (192.168.0.0 - 192.168.255.255) -> Private addressing (RFC 1918), internal networks.
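The class and reserved-range rules above can be checked mechanically rather than memorized as a table: the class follows from the leading bits of the first octet, and the reserved ranges are plain prefix matches. The script below is an added example for this post (not code from the original page); it uses only the Python standard library, and the label strings and the list of sample addresses are my own choices.

```python
"""Classify an IPv4 address the way the table above does: class from the leading bits of
the first octet, the classful network/host split, usable host count, and a flag for the
special-purpose ranges (RFC 1918 private, loopback, APIPA). Added example, not from the
original page; uses only the Python standard library."""
import ipaddress
from typing import Optional

# Class is determined by the leading bits of the first octet: (pattern, class, network bits)
_CLASSES = [("0", "A", 8), ("10", "B", 16), ("110", "C", 24),
            ("1110", "D", None),    # multicast: no network/host split
            ("1111", "E", None)]    # reserved / experimental

_SPECIAL = [("loopback", "127.0.0.0/8"),
            ("apipa/link-local", "169.254.0.0/16"),
            ("private (RFC 1918)", "10.0.0.0/8"),
            ("private (RFC 1918)", "172.16.0.0/12"),
            ("private (RFC 1918)", "192.168.0.0/16")]

def special_purpose(ip: ipaddress.IPv4Address) -> Optional[str]:
    """Which reserved range, if any, the address falls in; None for routable addresses."""
    for label, cidr in _SPECIAL:
        if ip in ipaddress.IPv4Network(cidr):
            return label
    return None

def ipv4_class(addr: str) -> dict:
    ip = ipaddress.IPv4Address(addr)
    first_octet = f"{int(ip) >> 24:08b}"                # first octet as an 8-bit string
    cls, net_bits = next((c, n) for p, c, n in _CLASSES if first_octet.startswith(p))
    info = {"address": str(ip), "class": cls, "network_bits": net_bits}
    if net_bits is not None:
        net = ipaddress.IPv4Network(f"{ip}/{net_bits}", strict=False)
        info["network"], info["default_mask"] = str(net), str(net.netmask)
        info["usable_hosts"] = net.num_addresses - 2    # minus network and broadcast addresses
    info["special"] = special_purpose(ip)               # overrides the classful view in practice
    return info

if __name__ == "__main__":
    for a in ("10.1.2.3", "172.20.0.9", "172.32.0.1", "192.168.1.1",
              "169.254.10.5", "127.0.0.1", "8.8.8.8", "224.0.0.5"):
        print(ipv4_class(a))
```

Note the 172.x case: only 172.16 through 172.31 are private, so 172.32.0.1 is a routable class B address; and 169.254.x.x is class B by its leading bits but link-local in practice, which is why the special-purpose check is applied after the classful one.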
Nov 8th
Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. It is also a suite of free software published by Massachusetts Institute of Technology (MIT) that implements this protocol. Its designers aimed primarily at a client-server model, and it provides mutual authentication — both the user and the server verify each other’s identity. Kerberos protocol messages are protected against eavesdropping and replay attacks. (Wikipedia)
This authentication method ships with Windows Server (Active Directory) and with Linux and UNIX servers; it is a ticket-granting system that is very commonly used to authenticate users. Here are the main focus points for the CISSP review.
| KERBEROS AUTHENTICATION PROTOCOL |
|
KERBEROS FACTS |
| Ø Defined as a trusted third-party authentication protocol.
Ø The 3 components of Kerberos are:
  1. Key Distribution Center (KDC): holds the secret keys of all users and services; the AS and the TGS both run on it (Get Key).
  2. Authentication Service (AS): authenticates a principal and issues it a ticket-granting ticket (Gain Entry).
  3. Ticket Granting Service (TGS): issues service tickets to principals that present a valid ticket-granting ticket (Use Key).
Ø KERBEROS 3 PHASE / 6 STEP AUTHENTICATION PROCESS
FIRST PHASE – Client obtains credentials to request access to Kerberized services.
  o The client authenticates to the KDC, which consults the realm's database for the principal's key. This is the only step in which the password, and the associated password policy, is checked.
  o The KDC issues the client a ticket-granting ticket (TGT), the credential needed whenever the client wants to use a Kerberized service. The TGT is good for a configurable period of time, can be revoked before expiration, and is cached on the client until it expires.
SECOND PHASE – Client requests a ticket for a specific service.
  o The client contacts the KDC (the TGS) with the TGT when it wants to use a particular Kerberized service.
  o The KDC issues a service ticket for that service.
FINAL PHASE – Client presents its credentials to the service.
  o The client presents the service ticket, together with an authenticator, to the service.
  o The service authenticates the client by verifying that the ticket is valid and that the authenticator was produced with the session key carried inside the ticket.
Ø The authenticator is the client's name and a timestamp encrypted under the session key. The service validates the timestamp (it must be within the allowed clock skew, normally 5 minutes) before providing the requested service; this is what limits replay to a short window.
Ø Because all the secret keys are held on, and all authentication is performed by, the Kerberos authentication and ticket-granting servers, those servers are high-value targets and must be protected against both physical attacks and malicious code.
Ø Kerberos is vulnerable to replay when a ticket and its authenticator are captured and reused within the allowed clock-skew window. Synchronized clocks and a replay cache on the service (rejecting an authenticator it has already seen) are the countermeasures.
Ø The client decrypts the message containing the session key (K_C,TGS) with its own secret key (K_C), and then uses that session key to communicate with the TGS; the same pattern repeats with a new session key for the resource (principal) the client wishes to access.
Ø The Key Distribution Center represents a single point of failure.
Ø Kerberos provides authentication, not authorization: it proves who the principal is, and the service then decides what that principal may do.
Ø Kerberos uses symmetric key cryptography and is credential (ticket) based.
Ø The KDC contains a database that holds the secret (symmetric) keys, not public keys, of all users and services.
Ø Ticket-based system using two separate tickets (the TGT and the service ticket). Older implementations used CRC-32 and MD5 checksums; public key cryptography appears only in the PKINIT extension for the initial authentication, not in the core protocol, which distributes session keys under symmetric keys.
Ø Note: Like the Kerberos protocol, SESAME is also subject to password guessing.
Ø PRINCIPALS are defined as the users, applications, and services that are provided security services by the KDC within the Kerberos network authentication protocol. |
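The three phases and the timestamp/replay checks above are easier to remember after running them. The script below is an added example written for this post; it is not MIT Kerberos code and not a real Kerberos wire format. Its encrypt()/decrypt() functions are an assumed stand-in for Kerberos encryption types (an HMAC-SHA-256 keystream with an HMAC tag), the realm EXAMPLE.COM, the principals alice and host/fileserver, and the 8-hour ticket lifetime are constructed for the example, and the session keys are random per run. What it does show faithfully is the structure: the AS reply is sealed under the password-derived key, the TGT under the TGS key, the service ticket under the service key, and every ticket is accompanied by an authenticator that is checked for clock skew and replayed use.

```python
"""Toy run of the three Kerberos phases with symmetric keys only: AS exchange (TGT), TGS
exchange (service ticket) and AP exchange (ticket + authenticator), with the clock-skew
and replay-cache checks a service makes on the authenticator. Added example for this post,
not MIT Kerberos code; encrypt()/decrypt() are an assumed stand-in for real encryption types."""
import hashlib, hmac, json, os, time

SKEW = 300               # seconds of clock skew Kerberos tolerates by default
TICKET_LIFE = 8 * 3600   # assumed ticket lifetime policy, in seconds

def derive_key(password: str, salt: str) -> bytes:
    # string-to-key: Kerberos salts the password with realm + principal name
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((length + 31) // 32))[:length]

def encrypt(key: bytes, obj: dict) -> bytes:
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()   # encrypt-then-MAC

def decrypt(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def check_ticket(key: bytes, ticket: bytes, auth: bytes, now: float, cache: set):
    """Shared by TGS and services: open the ticket with the service's long-term key,
    then open the authenticator with the session key carried inside the ticket."""
    t = decrypt(key, ticket)
    if now > t["expires"]:
        raise ValueError("ticket expired")
    session_key = bytes.fromhex(t["key"])
    a = decrypt(session_key, auth)                       # proves possession of session key
    if a["client"] != t["client"]:
        raise ValueError("authenticator name does not match ticket")
    if abs(now - a["timestamp"]) > SKEW:
        raise ValueError("authenticator timestamp outside allowed clock skew")
    if (a["client"], a["timestamp"]) in cache:           # replay cache
        raise ValueError("replayed authenticator")
    cache.add((a["client"], a["timestamp"]))
    return t["client"], session_key

class KDC:
    """Holds every principal's secret key and runs both the AS and the TGS."""
    def __init__(self, realm: str):
        self.realm, self.keys, self.replay_cache = realm, {}, set()
        self.keys["krbtgt"] = os.urandom(32)             # TGS key: every TGT is sealed with it
    def add_principal(self, name: str, password: str):
        self.keys[name] = derive_key(password, self.realm + name)
    def _issue(self, client: str, service: str, now: float):
        sk = os.urandom(32)                              # fresh session key per ticket
        return sk, encrypt(self.keys[service], {"client": client, "key": sk.hex(),
                                                "expires": now + TICKET_LIFE})
    def as_exchange(self, client: str, now: float) -> bytes:
        """Phase 1 (AS): {TGS session key, TGT} sealed under the client's password-derived key."""
        sk, tgt = self._issue(client, "krbtgt", now)
        return encrypt(self.keys[client], {"key": sk.hex(), "ticket": tgt.hex()})
    def tgs_exchange(self, tgt: bytes, auth: bytes, service: str, now: float) -> bytes:
        """Phase 2 (TGS): TGT + authenticator in, service ticket sealed under the TGS session key out."""
        client, tgs_sk = check_ticket(self.keys["krbtgt"], tgt, auth, now, self.replay_cache)
        sk, ticket = self._issue(client, service, now)
        return encrypt(tgs_sk, {"key": sk.hex(), "ticket": ticket.hex()})

class Service:
    def __init__(self, key: bytes):
        self.key, self.replay_cache = key, set()
    def ap_exchange(self, ticket: bytes, auth: bytes, now: float) -> str:
        """Phase 3 (AP): verify ticket + authenticator; return the authenticated client name."""
        return check_ticket(self.key, ticket, auth, now, self.replay_cache)[0]

def authenticator(session_key: bytes, client: str, now: float) -> bytes:
    return encrypt(session_key, {"client": client, "timestamp": now})

def client_login(kdc: KDC, client: str, password: str, service: str, now: float):
    """Client side of all three phases; returns (service ticket, authenticator) to present."""
    key = derive_key(password, kdc.realm + client)
    as_rep = decrypt(key, kdc.as_exchange(client, now))  # wrong password -> ValueError here
    tgs_sk, tgt = bytes.fromhex(as_rep["key"]), bytes.fromhex(as_rep["ticket"])
    tgs_rep = decrypt(tgs_sk, kdc.tgs_exchange(tgt, authenticator(tgs_sk, client, now), service, now))
    svc_sk, ticket = bytes.fromhex(tgs_rep["key"]), bytes.fromhex(tgs_rep["ticket"])
    return ticket, authenticator(svc_sk, client, now)

if __name__ == "__main__":
    kdc = KDC("EXAMPLE.COM")                             # constructed realm and principals
    kdc.add_principal("alice", "correct horse battery staple")
    kdc.add_principal("host/fileserver", os.urandom(16).hex())
    fileserver = Service(kdc.keys["host/fileserver"])
    ticket, auth = client_login(kdc, "alice", "correct horse battery staple", "host/fileserver", time.time())
    print("authenticated as", fileserver.ap_exchange(ticket, auth, time.time()))
    try:
        fileserver.ap_exchange(ticket, auth, time.time())  # same authenticator again -> replay
    except ValueError as e:
        print("rejected:", e)
```

Two details worth noticing: the password is never sent anywhere, the KDC simply encrypts the AS reply under the key it already holds for alice, so a wrong password shows up as an integrity failure on the client side (which is also why an attacker who can request AS replies can attempt offline password guessing, the weakness noted above for both Kerberos and SESAME); and the only thing stopping a captured ticket from being reused is the combination of the clock-skew bound and the service's replay cache.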
Nov 8th
Wikipedia says that Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used to protect data flows between a pair of hosts (e.g. computer users or servers), between a pair of security gateways (e.g. routers or firewalls), or between a security gateway and a host. This chart gives the major points to review for the CISSP.
| IPSEC PROTOCOL STANDARD |
|
IPSEC (IP Security) |
| Ø To comply with the Internet Engineering Task Force (IETF) standard, IPsec was designed to permit flexibility in choosing hashing, encryption, and key exchange mechanisms. Depending on the implementation, key exchange may be a manual process or an automated one (IKE).
Ø Default (mandatory-to-implement) hashing algorithms in the original standard were HMAC-MD5 and HMAC-SHA-1; HMAC-SHA-256 is the current recommendation.
Ø Default encryption algorithm in the original standard was DES in Cipher Block Chaining (CBC) mode; 3DES and then AES replaced it. Elliptic curve cryptography (ECC) appears in IPsec only in the key exchange (ECDH groups in IKE), not as a bulk encryption cipher.
Ø Supports two communication modes – Tunnel mode and Transport mode. Tunnel mode is required whenever a security gateway is at either end (gateway-to-gateway or host-to-gateway). Tunnel mode encrypts the entire original packet, IP header included, inside a new packet, so it hides the real source and destination and gives better security than Transport mode, which protects only the payload.
Ø The two main concepts of IPsec are Security Associations (SA) and tunneling. A security association is a simplex (one-way) logical connection between two IPsec systems. For bi-directional communication between two IPsec systems, two separate Security Associations, one in each direction, must be defined. The security protocols can be AH or ESP, used independently or together. AH provides integrity and authentication; ESP provides integrity, authentication and encryption. Either can be operated in tunnel mode (where the original packet is encapsulated into a new one) or transport mode (where only the data payload of each packet is protected, leaving the IP header in place).
Ø IKE (Internet Key Exchange) is defined as an Internet IPsec key-establishment protocol (partly based on OAKLEY) that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations, such as AH and ESP.
Ø Does NOT use CHAP as an authentication mechanism, but can use:
  o Pre-shared key
  o Certificate-based authentication
  o Public key authentication
Ø The 3 components of IPsec:
  1. IKE (Internet Key Exchange), which uses the Diffie-Hellman key agreement protocol. Optional (keys can be configured manually), but almost always used.
  2. SA (Security Association): the one-way agreement on algorithms, keys and lifetimes for a flow.
  3. SPI (Security Parameter Index): a 32-bit value carried in every AH/ESP header that tells the receiver which inbound SA to use to process the packet. |
|
IKE (Internet Key Exchange) |
| Ø Defined as an Internet IPsec key-establishment protocol (partly based on OAKLEY) that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations, such as AH and ESP.
Ø Used in conjunction with the IPsec standard; enhances IPsec by providing additional features, flexibility, and ease of configuration. IPsec can, however, be configured without IKE, for example by manually configuring the keys on the gateways that communicate with each other.
Ø A security association (SA) is a relationship between two or more entities that describes how the entities will use security services to communicate securely. In phase 1 of this process, IKE creates an authenticated, secure channel between the two IKE peers, called the IKE SA. The Diffie-Hellman key agreement is always performed in this phase. In phase 2, IKE negotiates the IPsec SAs and generates the required key material for IPsec. The sender offers one or more transform sets, each specifying an allowed combination of transforms (AH/ESP, cipher, hash, mode) with their respective settings.
Ø Diffie-Hellman is a widely used key exchange algorithm used by IKE.
Ø Eliminates the need to manually specify all the IPsec security parameters in the crypto maps at both peers.
Ø Allows you to specify a lifetime for the IPsec SA.
Ø Allows encryption keys to change during IPsec sessions (rekeying).
Ø Allows IPsec to provide anti-replay services, because the sequence numbers start fresh with each negotiated SA.
Ø Permits Certification Authority (CA) support for a manageable, scalable IPsec implementation.
Ø Allows dynamic authentication of peers. |
|
AH (Authentication Header) |
| Ø Mechanism for providing strong integrity and authentication for IP datagrams. It might also provide non-repudiation, depending on which cryptographic algorithm is used and how keying is performed. For example, use of an asymmetric digital signature algorithm, such as RSA, could provide non-repudiation; the usual HMAC keyed with a shared secret cannot.
Ø Does NOT provide confidentiality.
Ø Integrity and authentication for IP datagrams are provided by AH, and its integrity check covers the IP header as well as the payload (except for fields that change in transit, such as the TTL). That is why AH does not work through NAT: rewriting the addresses invalidates the check.
Ø Provides 3 services in IPsec: 1. Authentication. 2. Anti-replay. 3. Data integrity. |
|
ESP (Encapsulating Security Payload) |
| Ø Mechanism for providing integrity and confidentiality (encryption) to IP datagrams. It may also provide authentication, depending on which algorithm and algorithm mode are used.
Ø Does NOT provide non-repudiation, and in transport mode does not protect against traffic analysis, because the IP header stays in clear.
Ø In transport mode, ESP only encrypts the data payload of each packet; in tunnel mode it encrypts the whole original packet. Its integrity check covers the ESP header and payload, not the outer IP header, so ESP survives NAT where AH does not.
Ø Provides 4 services in IPsec: 1. Payload encryption of the information in IP datagrams. 2. Authentication. 3. Anti-replay. 4. Integrity. |
|
ISAKMP (Internet Security Association Key Management Protocol) |
| Ø Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism.
Ø Key management protocol typically used with IPsec, but intentionally excludes selection of any particular key exchange method. |
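Two of the claims in the chart are easiest to believe when you see them in code: that AH's integrity check covers the IP header (so NAT breaks it) while ESP's does not, and how the anti-replay service actually works on the receiver. The script below is an added example for this post, not code from any IPsec implementation. Its 20-byte IP header is real IPv4 layout, but the AH/ESP integrity computation is a simplified stand-in for the RFC 4302/4303 formats (a truncated HMAC-SHA-256 over the fields each protocol covers), the XOR "encryption" only marks where the ESP ciphertext would go, the addresses and payload are constructed, and the SPI 0x1000, key and window size are assumptions.

```python
"""(1) AH's ICV covers the IP header (addresses included), so a NAT rewriting the source
address breaks AH, while ESP's ICV covers only the ESP header and payload and survives.
(2) The sliding-window anti-replay check a receiver runs on each inbound SA.
Added example, not from the original post; header/ICV layouts are simplified stand-ins
for RFC 4302/4303, and the XOR 'encryption' is a placeholder for the ESP ciphertext."""
import hashlib, hmac, socket, struct


def ip_header(src: str, dst: str, proto: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header: ver/IHL, TOS, len, id, flags/frag, TTL, proto, cksum, src, dst."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def ah_icv(key: bytes, header: bytes, payload: bytes) -> bytes:
    """AH: mutable fields (TTL, header checksum) are zeroed, but the addresses ARE covered."""
    h = bytearray(header)
    h[8] = 0                 # TTL changes at every hop
    h[10:12] = b"\x00\x00"   # header checksum is recomputed at every hop
    return hmac.new(key, bytes(h) + payload, hashlib.sha256).digest()[:12]   # 96-bit truncated ICV


def esp_icv(key: bytes, spi: int, seq: int, ciphertext: bytes) -> bytes:
    """ESP: ICV covers SPI + sequence number + ciphertext; the outer IP header is NOT covered."""
    return hmac.new(key, struct.pack("!II", spi, seq) + ciphertext, hashlib.sha256).digest()[:12]


def nat_demo(key: bytes = b"\x11" * 32) -> dict:
    """Transport-mode AH and ESP on the same packet, verified after a NAT rewrites the source."""
    payload = b"GET / HTTP/1.0\r\n"                            # constructed sample payload
    before = ip_header("10.0.0.5", "198.51.100.9", 6)
    after = ip_header("203.0.113.7", "198.51.100.9", 6)        # NAT: src 10.0.0.5 -> 203.0.113.7
    icv_ah = ah_icv(key, before, payload)
    ct = bytes(b ^ 0x5A for b in payload)                      # placeholder for ESP ciphertext
    icv_esp = esp_icv(key, 0x1000, 1, ct)
    return {
        "ah_valid_after_nat": hmac.compare_digest(icv_ah, ah_icv(key, after, payload)),
        "esp_valid_after_nat": hmac.compare_digest(icv_esp, esp_icv(key, 0x1000, 1, ct)),
    }


class ReplayWindow:
    """Receiver-side anti-replay for one inbound SA: each sequence number is accepted at
    most once, and anything older than the window (default 64 packets) is dropped."""
    def __init__(self, size: int = 64):
        self.size, self.top, self.bitmap = size, 0, 0   # bit 0 of bitmap == self.top

    def accept(self, seq: int) -> bool:
        if seq == 0:                                   # first valid sequence number is 1
            return False
        if seq > self.top:                             # new high-water mark: slide the window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size or (self.bitmap >> diff) & 1:
            return False                               # too old, or already seen
        self.bitmap |= 1 << diff
        return True


if __name__ == "__main__":
    print(nat_demo())              # AH fails after NAT, ESP still verifies
    w = ReplayWindow()
    print([w.accept(s) for s in (1, 2, 3, 2, 100, 36, 37, 37)])
```

The window result reads: 1, 2, 3 accepted; 2 again rejected (replay); 100 accepted and the window slides; 36 rejected as too old (100 - 36 = 64, outside a 64-wide window); 37 accepted once and rejected the second time. This is also why IKE's "fresh sequence numbers per SA" matters: the window is per SA and starts at zero when the SA is negotiated.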
Oct 22nd
The Open Systems Interconnection (OSI) Reference Model is something that should be completely learned and memorized. Pretty much just read the chart a couple of times and learn it, so that when you are asked you can answer without hesitation.
Oct 19th
A correct implementation of the Certification and Accreditation program will help the organization maintain a secure environment on its computer systems. An established life cycle will help the organization keep the program properly revised.
Oct 17th
Business Continuity Planning is the essential master plan used for the recovery and restoration of the business. This logistical plan will lay out how the organization will recover from a partial or complete interruption of business. Here is a quick guide that will help you determine whether the business continuity plan will work.
Oct 16th

Almost 2 years ago I took the CISSP. I have to admit I have no test-taking abilities, and the proctor staring at me for 6 hours killed me. I failed with a 685. This was a very tragic moment in my life; knowing that the pass rate is 70%, I felt like the stupidest person in the world. After a couple of weeks in "fuck it" mode I decided to do something about it. That is when I started my Master's in Information Assurance. I work for the Federal Government, and for some reason you could have all the experience in the world, but if you do not have a cert or credentials to back it up you do not get the job.
So here I am again, a couple of years later, at it again. The reason I did not take it again quickly was the 500 dollars lost. I wanted to make sure I would not fail again. Now I want to review and help other people review for the exam.
This Blog for now is about CISSP but first I want to talk about other credentials in the market and their standing from my very personal point of view.
Oct 15th
TCP/IP model: the peculiar thing about this image is its layout. It is organized in such a way as to help you understand TCP/IP and how it works. Combining this with the OSI model will give you the understanding you need for the CISSP exam.
Oct 13th
This model should be learned and memorized; if asked, you should not have to think about the layers. These links will guide you to their wikis for easy study access.
Oct 11th

Trusted Computer System Evaluation Criteria (TCSEC) is a US Gov. DoD standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. The TCSEC was used to evaluate, classify and select computer systems being considered for the processing, storage and retrieval of sensitive or classified information.