CISSP Study Group/Blog

Cable & Media Types Standars

YOYO — Fri, 25 Dec 2009 21:09:40 +0000

Cables


10Base5	50-ohm thick Coax Thicknet	500 Meters	Bus
10Base2	50-ohm RG-58 A/U Thinnet	185 Meters	Bus
10BaseT	Cat 3 UTP (or better)	100 Meters	Star
100BaseTX	Cat 5 UTP (or better)	100 Meters	Star
Gigabit Ethernet	Cat 6 UTP (or better)	Depends	Star


Category	Name	Speed	Network
Cat 1	Not suitable for data communications.
Cat 2	Not suitable for networks but may be used to connect terminals to mainframes.
Cat 3	10BaseT	10 Mbps	Ethernet
Cat 4		16 Mbps	Token Ring
Cat 5	100BaseTX	100 Mbps	Ethernet
Cat 6	Gigabit Ethernet	155 Mbps	Etnernet
Cat 7		1 Gbps	Ethernet

ACCESS MEDIA TYPES


BASEBAND	BROADBAND
Digital Signaling	Analog signaling
No frequency-division multiplexing (uses entire bandwidth of cable for 1 signal)	Frequency-division multiplexing (use of splitter, such as a DSL filter)
Bi-directional transmission	Unidirectional transmission
Signal travels short distances	Signal travels long distances
EXAMPLES OF BASEBAND TRANSMISSION PROTOCOLS	EXAMPLES OF BROADBAND TRANSMISSION PROTOCOLS
Ethernet (twisted pair), using CSMA/CD 802.11 Wireless, using CSMA/CA Token Ring Polling Cable (coax) DSL (digital subscriber line)	o ADLS (Assemetric) More up (1-9Mbps)/Dn (16-784Kb) o SDSL & HDSL (1.55 Mbps up & dn) o VDSL (Very-high) Much higher speeds, shorter distance Most leased lines, T1, T3, etc

Acess Media Cabling


CABLE TYPE	BROADBAND
FIBER – LOCAL LOOP	Transmission on fiber optic wire requires repeating at distance intervals. The glass fiber requires more protection within an outer cable than copper. For these reasons and because the installation of any new wiring is labor-intensive, few communities yet have fiber optic wires or cables from the phone company’s branch office to local customers (local loop).
FIBER – MULTI-MODE/SINGLE-MODE	1. Multi-mode: uses LED, shorter distances over a single cable. 2. Single-mode: Uses laser, travels over greater distance, need 2 cables.
COAX – COAXIAL	Called “coaxial” because it includes one physical channel that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running along the same axis. The outer channel serves as a ground. Many of these cables or pairs of coaxial tubes can be placed in a single outer sheathing and, with repeaters, can carry information for a great distance.
UTP – TWISTING	The fundamental difference between category 3 and category 5 is how tightly the copper wires are wound. This tightness (specification) determines the cable’s resistance to interference, allowable distance between two points and maximum speed before attenuation affects the signal.

Network Media Access Standards


802.3	Ethernet (10/100Mb/1Gb)
802.3a	Ethernet 10Gb
802.4	Token Bus, FDDI (Fiber Distributed Data Interface) uses this.
802.5	Token Ring

Network Trnasmission Methods


ASYNC/SYNC	Asynchronous communication functions by transferring data bits sequentially, (such as used with modems and dial-up remote access), whereas synchronous communication functions by sending data based on a timing signal that occurs at regularly timed intervals.
UNICAST	Type of address that is addressed to one host.
MULTICAST	Type of address that is addressed to a group.
BROADCAST	Type of address that is addressed to all.
ANYCAST	Type of address that has been designated to more than one interface and is used with IPv6; one IP assigned to multiple NICs.

Network Data Element Terms


Ethernet frame	A single unit of Ethernet data; Ethernet is frame based network technology.
TCP segment	A single unit of TCP data in the transport layer.
IP datagram	A single unit of IP data.
Packet	Packet is a group of information so would not be a “single unit”; TCP is segment based network technology.

IP Class Ranges / Reserved IPs


Class A	0.0.0.0 - 127.255.255.255	First byte (octet) = network Remaining bytes (octets) = host	16 million
Blass B	128.0.0.0 - 191.255.255.255	First two bytes = network	65 thousand
Class C	192.0.0.0 – 223.255.255.255	First three bytes = network	254 usable
Class D	224.0.0.0 – 239.255.255.255	Used for multicast traffic
Class E	240.0.0.0 – 255.255.255.255	Reserved for future use
1. 169.254.255.255 -> APIPA (Automatically Private IP Addressing). 2. 127.0.0.1 -> Loopback. 3. 10.255.255.255 -> Private Addressing, Internal network. 4. 172.16-31.255.255 -> Private Addressing, Internal network. 5. 192.168.255.255 -> Private Addressing, Internal network.

KERBEROS AUTHENTICATION PROTOCOL

YOYO — Sun, 08 Nov 2009 11:12:24 +0000

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. It is also a suite of free software published by Massachusetts Institute of Technology (MIT) that implements this protocol. Its designers aimed primarily at a client-server model, and it provides mutual authentication — both the user and the server verify each other’s identity. Kerberos protocol messages are protected against eavesdropping and replay attacks. (Wikipedia)

This authentication method is found in Windows Servers and Linux servers and it is a ticket granting system very commonly used to authenticate users. Here are some of the main focus points for the CISSP Review

KERBEROS AUTHENTICATION PROTOCOL

KERBEROS FACTS

Ø Defined as a trusted third-party authentication protocol.

Ø The 3 components of Kerberos are:

1. Key Distribution Center (KDC): Holds users and service crypto keys – Get Key.

2. Authentication Service (AS): Makes tickets and gives them to principals – Use Key.

3. Ticket Granting Service (TGS): Authenticates a principal – Gain Entry.

Ø KERBEROS 3 PHASE / 6 STEP AUTHENTICATION PROCESS

FIRST PHASE – Client obtains credentials to request access to Kerberized services.

o The client authenticates to a Kerberos Key Distribution Center (KDC), which interacts with realms to access authentication data. This is the only step in which passwords and associated password policy information needs to be checked.

o The KDC issues the client a ticket-granting ticket, the credential needed when the client wants to use Kerberized services. The ticket-granting ticket is good for a configurable period of time, but can be revoked before expiration. It is cached on the client until it expires.

SECOND PHASE – Client requests authentication for a specific service.

o The client contacts the KDC with the ticket-granting ticket when it wants to use a particular Kerberized service.

o The KDC issues a ticket for that service.

FINAL PHASE – Client presents its credentials to the service.

o The client presents the ticket to the service.

o The service authenticates the client by verifying that the ticket is valid.

Ø The authenticator within Kerberos provides a requested service to the client after validating a timestamp.

Ø Because all the secret keys are held and authentication is performed on the Kerberos TGS and the authentication servers, these servers are vulnerable to both physical attacks and attacks from malicious code.

Ø Kerberos is vulnerable to replay in which of the following circumstances when a ticket is compromised within an allotted time window.

Ø The client decrypts the message containing the session key (KC, TGS) with its secret key (KC), and will now use this session key to communicate with the TGS client (sometimes refer to as resource or principal) he wishes to access.

Ø The Key Distribution Center represents a single point of failure.

Ø Kerberos manages access permissions.

Ø Kerberos uses symmetric key cryptography, credential-based.

Ø The KDC contains a database that holds private, (secret), not public, keys for all users.

Ø Ticket-based system (using two separate tickets); employs MD5 and CRC-32 one-way hash functions, and also uses public key cryptography to distribute Secret keys.

Ø Note: Like the Kerberos protocol, SESAME is also subject to password guessing.

Ø PRINCIPALS are defined as the users, applications, and services that are provided security services by the KDC within the Kerberos network authentication protocol.

IPSEC PROTOCOL STANDARD

YOYO — Sun, 08 Nov 2009 10:57:29 +0000

Wikipedia Says that Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used to protect data flows between a pair of hosts (e.g. computer users or servers), between a pair of security gateways (e.g. routers or firewalls), or between a security gateway and a host. This chart will provide some of the major point to review for the CISSP.

IPSEC PROTOCOL STANDARD

IPSEC (IP Security)

Ø To comply with the Internet Engineering Task Force (IETF) standard, IPSEC was designed to permit flexibility in choosing hashing, encryption, and key exchange mechanisms. Depending on the implementation, key exchange may be a manual process or an automated one.

Ø Default Hashing protocols are HMAC-MD5 or HMAC-SHA-1.

Ø Default Encryption protocol is Cipher Block Chaining mode DES, but other algorithms like ECC (Elliptic curve cryptosystem) can be used.

Ø Supports two communication modes – Tunnel mode and Transport mode. Tunnel mode is required for communication with a Gateway at the receiving end (gateway-to-gateway or host-to-gateway). Tunnel encrypts everything and is better security than Transport mode.

Ø The two main concepts of IPSec are Security Associations (SA) and tunneling. Security association is a simplex logical connection between two IPSec systems. For bi-directional communication to be established between two IPSec systems, two separate Security Associations, one in each direction, must be defined. The security protocols can either be AH or ESP, which can be used independently, or together. AH provides integrity and authentication and ESP provides integrity, authentication and encryption. ESP can be operated in either tunnel mode (where the original packet is encapsulated into a new one) or transport mode (where only the data payload of each packet is encrypted, leaving the header untouched).

Ø IKE (IPSEC Key Exchange) is defined as an Internet, IPsec, key-establishment protocol (partly based on OAKLEY) that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations, such as in AH and ESP.

Ø Does NOT use CHAP as an authentication mechanism, but can use

o Pre shared key

o Certificate based authentication

o Public key authentication

Ø The 3 components of IPSEC:

1. IKE (Internet Key Exchange), based on Diffie-Hellman encryption protocol. Optional, but usually used.

2. SA (Security Association).

3. SPI (Security Parameter Index), control channel for direction of traffic.

IKE (IPSEC Key Exchange)

Ø Defined as an Internet, IPsec, key-establishment protocol (partly based on OAKLEY) that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations, such as in AH and ESP.

Ø Used in conjunction with the IPSec standard; enhances IPSec by providing additional features, flexibility, and ease of configuration for the IPSec standard. IPSec can however, be configured without IKE by manually configuring the gateways communicating with each other for example.

Ø A security association (SA) is a relationship between two or more entities that describes how the entities will use security services to communicate securely. In phase 1 of this process, IKE creates an authenticated, secure channel between the two IKE peers, called the IKE SA (security association). The Diffie-Hellman key agreement is always performed in this phase. In phase 2 IKE negotiates the IPSec SA’s and generates the required key material for IPSec. The sender offers one or more transform sets that are used to specify an allowed combination of transforms with their respective settings.

Ø Diffie-Hellman is a widely-used key exchange algorithm used by IKE.

Ø Eliminates the need to manually specify all the IPSec security parameters in the crypto maps at both peers.

Ø Allows you to specify a lifetime for the IPSec SA.

Ø Allows encryption keys to change during IPSec sessions.

Ø Allows IPSec to provide anti-replay services.

Ø Permits Certification Authority (CA) support for a manageable, scalable IPSec implementation.

Ø Allows dynamic authentication of peers.

AH (Authentication Header)

Ø Mechanism for providing strong integrity and authentication for IP datagrams. It might also provide non-repudiation, depending on which cryptographic algorithm is used and how keying is performed. For example, use of an asymmetric digital signature algorithm, such as RSA, could provide non-repudiation.

Ø Does NOT provide confidentiality.

Ø Integrity and authentication for IP datagrams are provided by AH.

Ø Provides 3 services in IPSEC:

1. Authentication.

2. Anti-reply.

3. Data integrity services.

ESP (Encapsulating Security Protocol)

Ø Mechanism for providing integrity and confidentiality (encryption) to IP datagrams. It may also provide authentication, depending on which algorithm and algorithm mode are used.

Ø Does NOT provide Non-repudiation and protection from traffic analysis.

Ø In transport mode, ESP only encrypts the data payload of each packet.

Ø Provides 4 services in IPSEC:

1. Payload protocol encrypts information in IP datagrams.

2. Authentication.

3. Anti-replay.

4. Integrity.

ISAKMP (Internet Security Association Key Management Protocol)

Ø Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism.

Ø Key management protocol typically used with IPsec, but intentionally excludes selection of any particular key exchange method.

OSI Reference Model Layer Summary

YOYO — Thu, 22 Oct 2009 20:04:50 +0000

The The Open System Interconnection Reference Model is some thing that should be completely learned and memorized. Pretty much just read the chart a couple of times and try to learn it so that when you are asked you can have a quick response.


Group	#	Layer Name	Key Responsibilities	Data Type Handled	Scope	Common Protocols and Technologies
Lower Layers	1	Physical	Encoding and Signaling; Physical Data Transmission; Hardware Specifications; Topology and Design	Bits	Electrical or light signals sent between local devices	(Physical layers of most of the technologies listed for the data link layer)
	2	Data Link	Logical Link Control; Media Access Control; Data Framing; Addressing; Error Detection and Handling; Defining Requirements of Physical Layer	Frames	Low-level data messages between local devices	IEEE 802.2 LLC, Ethernet Family; Token Ring; FDDI and CDDI; IEEE 802.11 (WLAN, Wi-Fi); HomePNA; HomeRF; ATM; SLIP and PPP
	3	Network	Logical Addressing; Routing; Datagram Encapsulation; Fragmentation and Reassembly; Error Handling and Diagnostics	Datagrams / Packets	Messages between local or remote devices	IP; IPv6; IP NAT; IPsec; Mobile IP; ICMP; IPX; DLC; PLP; Routing protocols such as RIP and BGP
	4	Transport	Process-Level Addressing; Multiplexing/Demultiplexing; Connections; Segmentation and Reassembly; Acknowledgments and Retransmissions; Flow Control	Datagrams / Segments	Communication between software processes	TCP and UDP; SPX; NetBEUI/NBF
Upper Layers	5	Session	Session Establishment, Management and Termination	Sessions	Sessions between local or remote devices	NetBIOS, Sockets, Named Pipes, RPC
	6	Presentation	Data Translation; Compression and Encryption	Encoded User Data	Application data representations	SSL; Shells and Redirectors; MIME
	7	Application	User Application Services	User Data	Application data	DNS; NFS; BOOTP; DHCP; SNMP; RMON; FTP; TFTP; SMTP; POP3; IMAP; NNTP; HTTP; Telnet

C&A Life Cycle

YOYO — Mon, 19 Oct 2009 22:57:36 +0000

A correct implementation of the Certification and Accreditation program will help the organization maintain a secure environment on the computer systems. An establish life cycle will help the organization maintain a properly revised program.

Certification and Accreditation Guidance Development Life Cycle

Phase	Task	Activity

Development	Creation	Plan for, research, and write the policy
	Review	Complete an independent policy review prior to approval
	Approval	Obtain management approval of the policy
Implementation	Communication	Disseminate the policy
	Compliance	Implement the policy
	Exceptions	Manage cases where full implementation is not possible
Maintenance	Awareness	Ensure continued awareness of the policy
	Monitoring	Report and track compliance with the policy
	Enforcement	Handle violations of the policy
	Maintenance	Keep the policy current
Disposal	Retirement	Retire the policy when it is no longer required

5 TYPES OF BCP TESTING

YOYO — Sat, 17 Oct 2009 20:44:46 +0000

Business Continuity Planning is the key essential master plan used for recovery and restore of business. This logistical plan will layout how the organization will recover from partial or complete interruption of business. Here is a quick guide that will help you determine if the business continuity plan will work.


TEST	DESCRIPTION
CHECKLIST	*COPIES* of the plan are sent to different department managers and business unit managers for review, (WITHOUT A MEETING). This is a simple test and should be used in conjunction with other tests.
STRUCTURED WALK-THROUGH	Structured Walk-through—Team members and other individuals responsible for recovery *MEET* and walk through the plan step-by-step to identify errors or assumptions.
SIMULATION	This is a simulation of an actual emergency. Members of the response team act in the same way as if there was a real emergency.
PARALLEL	Parallel—This is similar to simulation testing, but the primary site is uninterrupted and critical systems are run in parallel at the alternative and primary sites.
FULL INTERRUPTION	This test involves all facets of the company in a response to an emergency. It mimics a real disaster where all steps are performed to test the plan. Systems are shut down at the primary site and all individuals who would be involved in a real emergency, including internal and external organizations, participate in the test. This test is the most detailed, time-consuming, and expensive all of these.

Security Certifications

YOYO — Fri, 16 Oct 2009 15:37:43 +0000

Almost 2 years ago I took the CISSP. I have to admit I have no test taking abilities, and the proctor staring at me for 6 hours killed me. I failed with a 685. This was a very tragic moment on my life; knowing that the pass rate is 70%, I felt the stupidest person on the world. After a couple of weeks of “in the fuck it” mode I decided to do something about it. That is when I started my Masters on Information Assurance. I work for the Federal Government; and for some reason you could have all the experience in the world, but if you do not have a Cert or Credentials to back it up you do not get the job.

So here I am again, a couple of years after at it again. The reason I did not take it again quickly was because of the 500 dollars lost. I wanted to make sure I would not fail again. Now I want to review and help other people review for the exam.

This Blog for now is about CISSP but first I want to talk about other credentials in the market and their standing from my very personal point of view.

Legend:

Difficulty – How hard the test itself is, i.e. study-time needed, difficulty of material, etc.
Who – Who should be considering the certification.
Respect – Respect rating within the technical infosec-geek community.
Renown – How well-know the certification is throughout the industry.
Requirements – What’s needed to get the cert, e.g. prerequisites, exams, practicals, labs, etc.
Cost – What it’ll cost you (or your company) to get the credential.
Pros – Positive comments about the certification.
Cons – Downsides to the certification.

** Note: Numbers are on a scale from 1-10, with 10 being the highest

The Credentials: Security+
Sponsor: CompTIA
Difficulty: 2
Respectability: 2
Renown: 4
Requirements: Single Exam, +-100 Questions
Cost: $225 USD (discounts available online)

Who: This certification is for people just getting into the field. If you don’t have any other certifications, and your experience/skills are still developing, this is the certification for you.

Pros: It’s a fairly easy cert to get and I understand it’s getting a decent amount of recognition within federal organizations. It’s also a fair, solid test that asks decent questions rather than a bunch of vendor-specific garbage.

Cons: It’s entry-level and thus not strong as a standalone bargaining chip.

SSCP (Systems Security Certified Practitioner)
Sponsor: ISC2
Difficulty: 4
Respectability: 3
Renown: 2
Requirements: Single Exam, 125 Questions, 3 hours; 1 Year Experience
Cost: $350 USD

Who: The SSCP is for serious, dedicated information security professionals who are not quite ready to take the CISSP exam. Only one (1) year of experience is required for this exam vs. 3-4 (depending on if you have your bachelors) for the CISSP.

Pros: The SSCP is administered in a very professional fashion, just like the CISSP, and it thus carries some degree of the respect that goes along with that credential. It’s also from ISC2 just like the CISSP, so that helps it as well. It shows that you’re serious about your career.

Cons: Unfortunately, the certification that hurts the SSCP the most is in fact its older sibling — the CISSP. If you check the job boards, precious few jobs ask for the SSCP. The reasoning there is that the experience requirement for the CISSP is much of what makes it so respectable. To take that away and ask half the number of questions diminishes the value of the SSCP significantly.

CISSP (Certified Information Systems Security Professional)
Sponsor: ISC2
Difficulty: 5
Respectability: 4
Renown: 10
Requirements: Single Exam, 250 Questions, 6 hours; 4 Years Experience
Cost: $500 USD
Who: The CISSP is for serious, dedicated information security professionals who intend to stay in the field and grow. It says to employers that you are serious about your career and are familiar with the core basics of 10 separate areas within the field. In today’s market, managers and career professionals are expected to have this credential.

Pros: The CISSP is the undisputed king of infosec certifications. It’s the first infosec cert to receive ISO recognition — a great achievement not only for the certification itself, but also for the field as a whole. It commands a great deal of respect in many IT circles (and HR circles), and this can be clearly seen via job search results. It can help your chances greatly of getting high-paying jobs, and is an excellent addition to any resume. If you are only going to get one infosec certification, it should be the CISSP.

Cons: While the CISSP is the king of information security certifications, it suffers from being thought of as something it isn’t. Many still mistakingly view it as proof that someone is an expert in the field, and that couldn’t be farther from the truth. ISC2 has explicitly stated in the past that the test is designed to test a broad base of general knowledge, not to certify someone as a master of their field. Also, despite the rumors of impossibility, the exam also supports over a 70% first-time pass rate.

CISA (Certified Information Systems Auditor)
Sponsor: ISACA
Difficulty: 6
Respectability: 5
Renown: 8
Requirements: Single 200 Question Exam, 4 Hours; 5 Years Experience
Cost: $475 USD

Who: The CISA credential is ideal for anyone already doing, or looking at getting into information security auditing. If you’re not familiar with auditing, think of accounting. It’s basically ensuring that proper processes are in place and that people (and technologies) are doing what they’re supposed to be doing.

Pros: The credential is highly recognized and sports even more hits than the CISSP via Monster.com and other job searches. It’s highly sought after due to the myriad of regulations hitting the infosec industry. Considered a “professional” certification, it seems to borrow some respect from the CPA/Accountant arena.

Cons: Again, many jobs that request CISA also will take a CISSP. Certain jobs ask for CISA specifically, but most are just looking for this “class” of cert, and will accept a CISSP in its place.

CISM (Certified Information Systems Manager)
Sponsor: ISACA
Difficulty: 6
Respectability: 5
Renown: 7
Requirements: Single 200 Question Exam, 4 Hours; 5 Years Experience; 3 Years Security Management Experience.
Cost: $475 USD
Who: The CISM credential is for information security managers. It’s for those who wish to show that they can manage an enterprise information security program.
Pros: The credential comes from ISACA, which is a respected organization, and the position of information security manager is so important to companies that any credentials that speak to one’s competence will be helpful.
Cons: Once again the CISSP is still the leader in this area, and while the certification can definitely help, anyone hiring for an ISM position is going to be looking at a lot more than certifications.
Comments: Anyone wanting to get into an ISM position needs to be looking at this credential, but it doesn’t have the power of CISSP in my view. I think that out of the two big ISACA certs, the CISA offers more of a punch, albeit not necessarily for managers.

GSEC (GIAC Security Essentials Certification)
Sponsor: GIAC (SANS)
Difficulty: 7
Respectability: 7
Renown: 7
Requirements: Two 100-Question, Open-book, Open-Google Online Exams

Cost: $800 USD (Cost of exam without training)

Who: The GSEC is for highly-technical, serious information security professionals who actively work with the technical side of infosec on a daily basis. Those who are looking to show considerable technical knowledge over a large number of infosec subjects would be well-served by attaining this credential.

Pros: The SANS organization is universally recognized as a top-notch infosec training and certification organization. Any certification from them commands a decent degree of respect, both with engineers and increasingly with human resources as well.

Cons: The CISSP still owns the majority of the spotlight in this arena. Relatively few employers are aware of the GSEC, and even of those who do recognize it, most view the CISSP as just as (or more) valuable.

GCFW, GCFA, GCIA, GCUX, GCIH
Sponsor: GIAC (SANS)
Difficulty: 8-9
Respectability: 8-9
Renown: 5
Requirements: Two 100-Question, Open-book, Open-Google, Online Exams
Cost: $800 USD (without training)

Who: These various certifications represent the “hardcore” SANS offerings. They are more in-depth and difficult than the GSEC, and they focus on one area specifically. GCFW is for firewalls and VPNs, GCIA is for IDS/IPS, GCUX is for Unix security, GCFA is for forensics, and GCIH is for incident handling. These are just a few of those that are offered, and these are geared towards veteran infosec professionals who have already specialized in an area. If this sounds like you, these certs are the way to go.

Pros: The GIAC (SANS) organization is universally recognized as a top-notch training and certification organization. Any certification from them commands a decent degree of respect, and these specialized certs say to an employer or client that you are truly skilled at what you do.

GSE (GIAC Security Expert)
Sponsor: GIAC (SANS)
Difficulty: 10
Respectability: 10
Renown: 4

Requirements: Must have three (3) GIAC certifications (GSEC, GCIA and GCIH) with GIAC Gold in at least two; must pass a proctored GSEC exam with average scores of 80 on both tests; 23 hour onsite testing process consists of a mix of open book written exams, research, hands on exams, group work and an oral presentation.

Who: The GSE is for those who have literally mastered a number of areas within information security, have superior talent, have a love of difficult-to-attain credentials, and a lot of time on their hands.

Pros: If you encounter anyone who knows what all the exam involves, you’ll be instantly acknowledged as a world-class information security expert.

Cons: You aren’t likely to find any of those people. Plus, anyone with these skills doesn’t need the certification anyway.

It is very important to understand that there are a lot of certifications out there, there are some that are more technical than others. My perspective is manager wise. Most of the time managers get the better position within the company and better salary in the industry. My purpose for the CISSP is because it is required for most Chief of Information Security officer positions in the federal government and military. So the purpose of this blog is to accomplish that. I am hoping to get help and to help others and make this experience a good one.

TCP/IP IP Model 2

YOYO — Fri, 16 Oct 2009 03:20:48 +0000

TCP/IP model, the peculiar thing about this image, is it’s layout. It is organized in such way to help you understand TCP/IP and how it works. Combining this knowledge will help you have an understanding for the CISSP exam.

TCP/IP Model

YOYO — Tue, 13 Oct 2009 15:52:04 +0000

This Model should be learned and memorized, if asked you should not have to think about them. These links will guide you to their wikis for easy study access.

Internet Protocol Suite

Application Layer

BGP · DHCP · DNS · FTP · GTP · HTTP · IMAP · IRC · Megaco · MGCP · NNTP · NTP · POP · RIP · RPC · RTP · RTSP · SDP · SIP · SMTP · SNMP · SOAP · SSH · Telnet · TLS/SSL · XMPP · (more)

Transport Layer

TCP · UDP · DCCP · SCTP · RSVP · ECN · (more)

Internet Layer

IP (IPv4, IPv6) · ICMP · ICMPv6 · IGMP · IPsec · (more)

Link Layer

ARP · RARP · NDP · OSPF · Tunnels (L2TP) · Media Access Control (Ethernet, MPLS, DSL, ISDN, FDDI) · Device Drivers · (more)

This box: view • talk • edit

Trusted Computer Security Evaluation Criteria

YOYO — Mon, 12 Oct 2009 03:34:09 +0000

Trusted Computer System Evaluation Criteria (TCSEC) is a US Gov. DoD standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. The TCSEC was used to evaluate, classify and select computer systems being considered for the processing, storage and retrieval of sensitive or classified information.

TCSEC (Trusted Computer Security Evaluation Criteria – aka Orange Book) ITSEC (Information Technology Security Evaluation Criteria)
ITSEC / TCSEC		DESCRIPTION TCSEC / ITSEC (F+E) ITSEC / (E) EAL
F = EAL =	Functionality Eval Assurance Level
(Highest) F6-10 / EAL7		F10	Networks with high demands on Integrity and Confidentiality.
		F9	Systems that provide high Confidentiality (like crypto devices).
		F8	Systems that provide data Integrity during communication.
		F7	Systems that provide high Availability.
		F6	Systems that provide high Integrity.
		EAL 7	Formally verified DESIGN and TESTED.
A = VERIFIED PROTECTION
A1 / F5 + E6		Top level security, systems designed to handle TS data. Every step is formally DOCUMENTED and VERIFIED. o Classification: Capable of handling TS information. o (Trusted Distribution) – Delivered and installed in a secure manner. o Covert channels addressed – formally tested and documented.
		EAL 6	*Semi-formally* verified design and tested.
B = MADATORY PROTECTION
B3 / F5 + E5		Uses Security Labels of B1 and B2, based on Bell-LaPadula. Secure Domains: o Classification: Supports sufficient security to house classified data. o (Trusted Recovery) – Secure state must be addressed during initial boot process. o Covert timing channels addressed – for processing trasactions. o Security Admin functions must be clearly identified by System. o Requirement for Security Domains. o Very difficult to successfully attack and provide sufficient secure controls for very sensitive or Secret data. o Compartmented Securiy-Mode of Operation in most cases.
		EAL 5	Semi-formally designed and tested.
B2 / F4 + E4		Uses Security Labels for Data and system design, (including *storage devices), based on Bell-LaPadula. Structured:* o Classification: Supports sufficient security to house classified data. o (Trusted Facility Management) required o Covert storage channels addressed – for data and/or storage devices. o Requires SEPARATE Operator and Administrator ROLES. o Change Control is required.
		EAL 4	Methodically designed, tested, and reviewed.
B1 / F3 + E3		Uses Security Labels for Data only, based on Bell-LaPadula. Labeled: o Classification: Supports sufficient security to house classified data. o Grants access by matching subject and object labels and comparing their permission compatibility.
		EAL 3	Methodically tested and checked.
C = DISCRETIONARY PROTECTION
C2 / F2 + E2		Based on individuals and groups, separates users and information. Controlled Access Protection: o Enforce strict logon procedures. o Media cleansing. o Auditing mechanisms. o OBJECT REUSE.
		EAL 2	Structurally tested.
C1 / F1 + E1		Based on individuals and groups, separates users and information. Discretionary Secure Protection: Provide only weak protection mechanisms – NO true individual accountability.
		EAL 1	Functionally tested.
D = MINIMAL SECURITY
D / E0 (Lowest)		Reserved for systems that have been evaluated but failed to meet security criteria.
		EAL 0	Inadequate assurance. *TCSEC* was developed by the NCSC (National Computer Security Center) *TCSEC’s goal* was to provide standard methodology for measuring the amount of trust you can place in a system, produce standards as to what security features for manufacturers to include when developing new commercial products, and to provide government user personnel with a basis for the specific security requirements they were demanding when purchasing products. *ITSEC* (Information Technology Security Evaluation Criteria) was written to address *integrity* and *availability* which the Orange Book did not address.