Cissp 2022 Update Dom3 Handout (162 pages, uploaded by namobhumi)

CISSP EXAM CRAM: THE COMPLETE COURSE

Security Architecture and Engineering

DOMAIN 3 : SECURITY ARCHITECTURE & ENGINEERING

1. Research, implement and manage engineering processes using secure design principles
2. Understand the fundamental concepts of security models (Biba, Star Model, Bell-LaPadula)
3. Select controls based upon systems security requirements
4. Understand security capabilities of information systems (TPM, encryption/decryption)
5. Assess and mitigate the vulnerabilities of
6. Select and determine cryptographic solutions
7. Understand methods of cryptanalytic attacks
8. Apply security principles to site and facility design
9. Design site and facility security controls

What is actually NEW in the 2021 release?

What's new in domain 3?
3.1 Research, implement and manage engineering processes using secure design principles

- Threat modeling
- Least privilege
- Defense in depth
- Secure defaults
- Fail securely
- Separation of duties
- Keep it simple
- Zero Trust
- Privacy by design
- Trust but verify
- Shared responsibility

NEW! The principles added in the 2021 outline are included here.

For more cybersecurity exam prep tutorials, follow us on Youtube at Inside Cloud and Security
What's new in domain 3?
3.6 Select and determine cryptographic solutions
- Quantum (relevant and expanded versus what is in the official study guide)

What's new in domain 3?
3.7 Understand methods of cryptanalytic attacks
- Brute force
- Ciphertext only
- Known plaintext
- Frequency analysis
- Chosen ciphertext
- Implementation attacks
- Side-channel
- Fault injection
- Timing
- Man-in-the-Middle (MITM)
- Pass the hash
- Kerberos exploitation
- Ransomware
(covered in "Attacks and Countermeasures")
SECURE DESIGN PRINCIPLES (taken from NIST SP 800-160)

Secure defaults: the default configuration reflects a restrictive and conservative enforcement of security policy.

Fail securely: components should fail in a state that denies rather than grants access.

ZERO TRUST
The legacy model depended on an initial authentication process to gain access to the internal "secured" environment, and then relied on generic access control methods.
Zero trust addresses the limitations of that legacy network perimeter-based security model.
It treats user identity as the control plane, assumes compromise / breach, and verifies every request: no entity is trusted by default.

Zero trust in practice: VERIFY IDENTITY | MANAGE DEVICES | MANAGE APPS | PROTECT DATA
PRIVACY BY DESIGN
Making privacy an integral part of every system, technology, policy, and design process.

The 7 principles (from the IAPP):
1. Proactive and not a reactive approach
2. Privacy as the default setting
3. Privacy must be embedded in the design
4. Privacy should be a positive-sum approach and not a zero-sum approach
5. End-to-end full lifecycle data protection
6. Visibility and transparency
7. Keep privacy user-centric

Applying these principles when implementing a layered defense as part of a zero trust strategy helps ensure privacy.
SECURE DESIGN PRINCIPLES: KEEP IT SIMPLE

Complexity is the worst enemy of security.
Best-in-suite over best-in-breed solutions is one approach used to simplify defense in depth.
Simplicity also helps to avoid configuration mistakes.
Enables organizations to move forward, improving incrementally, rather than demanding perfection.
A fresh application of the classic "KISS" principle.

CISSP EXAM CRAM: ATTACKS AND COUNTERMEASURES

COMPARE CLOUD: PRIVATE, HYBRID, PUBLIC; IAAS, PAAS, SAAS

COMPARE CLOUD: SHARED RESPONSIBILITY MODEL
SHARED RESPONSIBILITY MODEL (who is responsible for each layer)

Layer           On-premises   IaaS       PaaS       SaaS
Applications    Customer      Customer   Customer   CSP
Data            Customer      Customer   Customer   CSP
Runtime         Customer      Customer   CSP        CSP
Middleware      Customer      Customer   CSP        CSP
OS              Customer      Customer   CSP        CSP
Virtualization  Customer      CSP        CSP        CSP
Servers         Customer      CSP        CSP        CSP
Storage         Customer      CSP        CSP        CSP
Networking      Customer      CSP        CSP        CSP

On-premises is 100% yours; moving right, the CSP takes responsibility for more of the stack.
CLOUD MODELS & SERVICES - IAAS

Customer manages: applications, data, runtime, middleware, OS.
CSP manages: virtualization, servers, storage, networking.
CSP provides building blocks, like networking, storage and compute.
CSP manages staff, HW, and datacenter.
Examples: Azure Virtual Machines, Amazon EC2, GCP Compute Engine.

CLOUD MODELS & SERVICES - PAAS

Customer manages: applications, data.
CSP manages: runtime, middleware, OS, virtualization, servers, storage, networking.
Customer is responsible for deployment and management of apps.
CSP manages provisioning, configuration, hardware, and OS.
Examples: Azure SQL Database, API Management, Azure App Service.
HOW IS SERVERLESS / FUNCTION-AS-A-SERVICE (FAAS) DIFFERENT FROM PAAS IN TERMS OF RESPONSIBILITY?

PaaS                                               Serverless
More control over deployment environment           Less control over deployment environment
Devs have to write code                            No server management
Application has to be configured to auto-scale     Application scales automatically
Application takes a while to spin up               Application code only executes when invoked
CLOUD MODELS & SERVICES - SAAS

CSP manages the entire stack: applications, data, runtime, middleware, OS, virtualization, servers, storage, networking.
Customer just configures features.
CSP is responsible for management, operation, and service availability.
CLOUD MODELS
Describe the differences between Public, Private and Hybrid cloud models

Public Cloud: everything runs on your cloud provider's hardware. Advantages include scalability, agility, pay-as-you-go, no maintenance, and low skills requirements.

Private Cloud: a cloud environment in your own datacenter. Advantages include legacy support, control, and compliance.

Hybrid Cloud: combines public and private clouds, allowing you to run your apps in the right location. Advantages include flexibility in legacy, compliance, and scalability scenarios.
CLOUD ACCESS SECURITY BROKER

What is a CASB?
A cloud access security broker (CASB) is a security policy enforcement solution that may be installed on-premises or in the cloud. A common use is discovering shadow IT (cloud services in use without IT's knowledge or approval).
POST-QUANTUM CRYPTOGRAPHY

What is post-quantum cryptography?
The development of new kinds of cryptographic approaches that can be implemented using today's conventional computers, but will be impervious (resistant) to attacks from tomorrow's quantum computers.

Which algorithms are susceptible?

How well do current encryption algorithms hold up to the power of quantum computing?

Shared key (symmetric): bulk encryption (fast). Holds up fairly well to quantum computing.
Public key (asymmetric): key exchange, digital signatures. Quantum poses more immediate threats here.

Shared key: Grover's algorithm shows that a quantum computer speeds up brute-force key search enough to effectively halve the key length. This would mean that a 256-bit key is as strong against a quantum computer as a 128-bit key is against a conventional computer. Doubling the key length from 128 to 256 bits is therefore what preserves a 128-bit security level, not a gain beyond it.

Public key: Shor's algorithm can easily break all of the commonly used public-key algorithms based on both factoring and the discrete logarithm problem. This means RSA is vulnerable. This means Elliptic Curve is vulnerable. However, lattice-based cryptography offers resistance! For RSA and ECC, doubling the key length only increases the difficulty of a quantum attack by a factor of about eight. That's not a sustainable advantage.

QUICK NOTES ON LATTICE CRYPTOGRAPHY
Based on different types of hard problems: the shortest vector problem and the closest vector problem.
Potentially enables us to replace essentially all of our currently endangered schemes.
Lattice-based cryptographic schemes make up the lion's share of scientific publications on post-quantum cryptography.
Research, selection, and standards development is

What exactly is a lattice? A regularly spaced grid of points extending in n dimensions (usually pictured as a 3-dimensional array of regularly spaced points).

If you see a question asking for which types of public key (asymmetric) algorithms are "quantum resistant", the answer is: LATTICE

CRYPTOGRAPHY: CODES VS CIPHERS

Codes are cryptographic systems of symbols that operate on words or phrases and are sometimes secret but don't always provide confidentiality.

Ciphers are always meant to hide the true meaning of a message. Always secret!
CRYPTOGRAPHY – TYPES OF CIPHERS

Stream cipher
is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream). In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of the ciphertext stream.

Block cipher
is a method of encrypting text (to produce ciphertext) in which a cryptographic key and algorithm are applied to a block of data (for example, 64 contiguous bits) at once as a group rather than to one bit at a time.

Substitution
uses the encryption algorithm to replace each character or bit of the plaintext message with a different character. Julius Caesar developed one of the earliest ciphers of this type, now known as the "Caesar cipher".

Transposition
uses an encryption algorithm to rearrange the letters of a plaintext message, forming the ciphertext message.

Nonce
a cryptographic version of a random number: a value used only once.

Initialization vector (IV)
is a random bit string (a nonce) that is XORed with the first block of the message, reducing predictability and repeatability. The size of the IV varies by algorithm but is normally the same length as the block size of the cipher or as large as the encryption key.

Three very similar stream ciphers. The main difference between these ciphers
ONE-TIME PAD success factors

For a one-time pad to be successful, the key must be:
- Generated randomly without any known pattern.
- At least as long as the message to be encrypted.
AND
- The pads must be protected against physical disclosure.
- Each pad must be used only one time and then discarded.
ALL four conditions must hold.
CONCEPT: ZERO-KNOWLEDGE PROOF

Zero-knowledge proof is a communication concept. A specific type of information is exchanged, but no real data is transferred, as with digital signatures and digital certificates.

It enables one to prove knowledge of a fact to another individual without revealing the fact itself.
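A concrete zero-knowledge exchange, added here as an example and not taken from the handout: the Schnorr identification protocol, in which the prover demonstrates knowledge of a discrete logarithm x (y = G^x mod P) without disclosing x. The group parameters P, Q, G are toy-sized constants chosen for illustration; each side's message is a separate function so the four steps of the exchange are visible.

```python
import secrets

# Toy group for illustration: P = 2Q + 1 with Q prime, and G generates the
# subgroup of prime order Q. Real deployments use 256-bit curves or 2048-bit+ groups.
P, Q, G = 2039, 1019, 4


def keygen():
    """Prover's secret x and public y = G^x mod P. Knowing x is the 'fact' to be proved."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def prover_commit():
    """Step 1 (prover -> verifier): pick a fresh random r, send the commitment t = G^r."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(G, r, P)


def verifier_challenge() -> int:
    """Step 2 (verifier -> prover): an unpredictable challenge c."""
    return secrets.randbelow(Q)


def prover_respond(x: int, r: int, c: int) -> int:
    """Step 3 (prover -> verifier): s = r + c*x mod Q. The random r masks x, so s leaks nothing."""
    return (r + c * x) % Q


def verifier_check(y: int, t: int, c: int, s: int) -> bool:
    """Step 4: accept iff G^s == t * y^c mod P, since G^(r + cx) == G^r * (G^x)^c."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def run_protocol(x: int, y: int, rounds: int = 20) -> bool:
    """Full interactive exchange. A cheater passes a single round with chance only 1/Q."""
    for _ in range(rounds):
        r, t = prover_commit()
        c = verifier_challenge()
        s = prover_respond(x, r, c)
        if not verifier_check(y, t, c, s):
            return False
    return True


def impostor(y: int, rounds: int = 20) -> bool:
    """Someone who does NOT know x can only guess s; over 20 rounds success is negligible."""
    for _ in range(rounds):
        _, t = prover_commit()
        c = verifier_challenge()
        if not verifier_check(y, t, c, secrets.randbelow(Q)):
            return False
    return True


if __name__ == "__main__":
    x, y = keygen()
    print(run_protocol(x, y), impostor(y))
```

The verifier learns only y, t, c and s. Because r is fresh and uniform in every round, s is uniformly distributed regardless of x, which is what makes the transcript "zero knowledge": anyone could fabricate an equally convincing-looking transcript after the fact by choosing s first and computing t = G^s * y^(-c).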
CONCEPT: SPLIT KNOWLEDGE

Split knowledge means that the information or privilege required to perform an operation is divided among multiple users.
This ensures that no single person has sufficient privileges to compromise the security of the environment.
concept: work function (work factor)
Work function, or work factor, is a way to measure the
strength of a cryptography system by measuring the
effort in terms of cost and/ or time to decrypt
messages.
Usually, the time and effort required to perform a
complete brute-force attack against an encryption
system is what a work function rating represents.
The security and protection offered by a cryptosystem is
directly proportional to value of its work function/factor.
IMPORTANCE OF KEY SECURITY
Cryptographic keys provide the necessary element of secrecy to a cryptosystem.
Modern cryptosystems utilize keys that are at least 128 bits long to provide adequate security.
This will change as technologies evolve and emerge (like quantum computing).

CONCEPT: SYMMETRIC VS ASYMMETRIC

Symmetric: relies on the use of a shared secret key. Lacks support for scalability, easy key distribution, and nonrepudiation. Faster.

Asymmetric: public-private key pairs for communication between parties. Supports stronger scalability, easy key distribution, and nonrepudiation.
confidentiality, integrity & nonrepudiation
Confidentiality
is one of the major goals of cryptography. It protects the secrecy of data
while it is both at rest and in transit.
Integrity
provides the recipient of a message with the assurance that data was not
altered (intentionally or unintentionally) between the time it was created
and the time it was accessed.
Nonrepudiation
provides undeniable proof that the sender of a message actually
authored it. It prevents the sender from subsequently denying that
they sent the original message.
DES (and 3DES) MODES
Electronic Codebook Mode (ECB). Simplest & least secure mode. Processes 64-bit blocks, encrypting each block independently with the chosen key. If the same plaintext block is encountered multiple times, the same encrypted block is produced, leaking patterns and making the ciphertext easy to analyze.

Cipher Block Chaining (CBC). Each block of unencrypted text is XORed with the block of ciphertext immediately preceding it (the IV for the first block) before encryption. The decryption process simply decrypts the ciphertext and reverses the XOR operation. A corrupted ciphertext block damages that block and the one after it.

Cipher Feedback (CFB). The streaming version of CBC. Works on data in real time, using memory buffers of the same block size. When the buffer is full, the data is encrypted and transmitted. Uses chaining, so errors propagate.

Output Feedback (OFB). Operates similar to CFB, but XORs the plaintext with a seed value (a keystream generated from the IV). No chaining function, so errors do not propagate.

Counter (CTR). Uses an incrementing counter instead of a seed. Errors do not propagate.
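ECB versus CBC behaviour, as an added example that is not from the handout. Python's standard library ships no block cipher, so the block uses a small 64-bit Feistel network with an HMAC-SHA256 round function as a stand-in for DES; that toy cipher is an assumption of the example, not a real algorithm. The modes on top of it are implemented as described above, and the helper functions show both the ECB pattern leak and how far a corrupted CBC ciphertext block propagates.

```python
import hashlib
import hmac

BLOCK = 8    # 64-bit blocks, the DES block size
ROUNDS = 16


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, half: bytes, rnd: int) -> bytes:
    # Round function: a keyed PRF (HMAC-SHA256) over the right half, salted with
    # the round number so every round behaves like a different subkey.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """16-round Feistel network: a toy stand-in for DES, not a real cipher."""
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(ROUNDS):
        l, r = r, _xor(l, _round_fn(key, r, i))
    return r + l     # swap halves so decryption is the same network with reversed rounds


def decrypt_block(key: bytes, block: bytes) -> bytes:
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(ROUNDS)):
        l, r = r, _xor(l, _round_fn(key, r, i))
    return r + l


def _blocks(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("input must be a whole number of blocks (pad first)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    """ECB: each block encrypted independently, so equal plaintext blocks leak as equal ciphertext."""
    return b''.join(encrypt_block(key, b) for b in _blocks(pt))


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    """CBC: each plaintext block is XORed with the previous ciphertext block (the IV for the first)."""
    out, prev = [], iv
    for b in _blocks(pt):
        prev = encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b''.join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(_xor(decrypt_block(key, c), prev))
        prev = c
    return b''.join(out)


def distinct_blocks(ct: bytes) -> int:
    """Number of unique ciphertext blocks: a simple pattern-leak metric for a mode."""
    return len(set(_blocks(ct)))


def cbc_damage(key: bytes, iv: bytes, ct: bytes, byte_index: int) -> list:
    """Flip one ciphertext bit and report which plaintext blocks come out wrong.
    Chaining means block i is garbled and block i+1 gets the same single bit flipped;
    later blocks are unaffected."""
    damaged = bytearray(ct)
    damaged[byte_index] ^= 0x01
    good = _blocks(cbc_decrypt(key, iv, ct))
    bad = _blocks(cbc_decrypt(key, iv, bytes(damaged)))
    return [i for i, (g, b) in enumerate(zip(good, bad)) if g != b]


if __name__ == "__main__":
    key, iv = b"sixteen byte key", bytes(range(BLOCK))   # constructed sample key and IV
    pt =  b"ATTACK!!" * 4                                 # four identical plaintext blocks
    print("ECB distinct blocks:", distinct_blocks(ecb_encrypt(key, pt)))      # 1
    print("CBC distinct blocks:", distinct_blocks(cbc_encrypt(key, iv, pt)))  # 4
```

The same repeated plaintext gives one repeated ciphertext block under ECB and four different blocks under CBC, which is the whole case against ECB for anything larger than a single block. Reusing an IV with CBC reintroduces part of the ECB problem (identical message prefixes encrypt identically), which is why the IV is treated as a nonce.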
XOR CIPHER
The Exclusive-OR operation (XOR, also known as modulo-2 binary addition) is used heavily in cryptology and sounds more complicated than it actually is: a function of flipping bits in a simple, systematic fashion.

Original Value   Key Value   Cipher Value
1                1           0
1                0           1
0                1           1
0                0           0

If the binary values match, the cipher value is 0; otherwise the cipher value is 1.
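The XOR table and the one-time pad success factors above, as an added Python example that is not part of the handout. It encrypts with a random pad and then shows what breaks when the "use each pad only once" rule is violated: XORing two ciphertexts made with the same pad cancels the key entirely, and a guessed fragment of one message (a crib) recovers the other. The two messages are constructed for illustration.

```python
import secrets


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR each data byte with the matching key byte: the core of every stream cipher."""
    if len(key) < len(data):
        raise ValueError("key must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, key))


def otp_keygen(length: int) -> bytes:
    """Pad from the OS CSPRNG: random, no known pattern, as long as the message."""
    return secrets.token_bytes(length)


def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    return xor_bytes(message, pad)


otp_decrypt = otp_encrypt     # XOR is its own inverse: (m XOR k) XOR k == m


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If one pad encrypted two messages, XORing the ciphertexts cancels the pad:
    (m1 XOR k) XOR (m2 XOR k) == m1 XOR m2. No key material is needed."""
    return xor_bytes(c1, c2)


def crib_drag(m1_xor_m2: bytes, crib: bytes) -> list:
    """Slide a guessed fragment of one message (a crib) across m1 XOR m2. Wherever the
    result is printable text, the crib probably sat there and the output is the other message."""
    hits = []
    for i in range(len(m1_xor_m2) - len(crib) + 1):
        guess = xor_bytes(m1_xor_m2[i:i + len(crib)], crib)
        if all(32 <= b < 127 for b in guess):
            hits.append((i, guess))
    return hits


if __name__ == "__main__":
    m1, m2 = b"ATTACK AT DAWN", b"RETREAT NOW!!!"        # constructed messages, same length
    pad = otp_keygen(len(m1))
    c1, c2 = otp_encrypt(m1, pad), otp_encrypt(m2, pad)   # pad reused: the fatal mistake
    print(crib_drag(two_time_pad_leak(c1, c2), b"ATTACK"))
```

Used correctly (fresh random pad, at least message length, never reused, physically protected) the scheme is information-theoretically secure; the crib-drag function is only possible because the pad was reused. The same logic applies to any stream cipher whose keystream is reused, including RC4 or CTR mode with a repeated nonce.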
KEY CLUSTERING
A weakness in cryptography where a plaintext message generates identical ciphertext messages using the same algorithm but using different keys.

DOMAIN 3 : SECURITY ARCHITECTURE & ENGINEERING
asymmetric key types
Public keys are shared among communicating
parties.
Private keys are kept secret.

To encrypt a message: use the recipient’s public key.


To decrypt a message: use your own private key.

To sign a message: use your own private key.


To validate a signature: use the sender’s public key.
each p a r t y has both a private k e y and public key!
EXAMPLE: ASYMMETRIC CRYPTOGRAPHY
1. Franco sends a message to Maria, requesting her public key.
2. Maria sends her public key to Franco.
3. Franco uses Maria's public key to encrypt the message and sends it to her.
4. Maria uses her private key to decrypt the message.
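The Franco/Maria exchange with working numbers, as an added example that is not from the handout: textbook RSA with the two primes 10007 and 10009, chosen here only so the arithmetic stays visible. It shows encryption with the recipient's public key and signing with the sender's private key, and then recovers the private key by factoring the modulus, which is exactly the attack that real 2048-bit keys are sized to defeat (and that Shor's algorithm, discussed earlier, would make feasible on a quantum computer). No padding scheme is used, so this is not a production RSA implementation.

```python
import hashlib
from math import gcd, isqrt


def keygen(p: int, q: int, e: int = 65537):
    """Textbook RSA key pair from two primes. Tiny primes here for illustration;
    real keys use a 2048-bit or larger modulus precisely so factoring is infeasible."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)             # modular inverse (Python 3.8+)
    return (n, e), (n, d)           # (public key, private key)


def encrypt(public, m: int) -> int:
    """Sender encrypts with the recipient's PUBLIC key."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(private, c: int) -> int:
    """Recipient decrypts with their own PRIVATE key."""
    n, d = private
    return pow(c, d, n)


def _digest_int(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message: bytes) -> int:
    """Signer hashes the message and applies their own PRIVATE key (no padding: toy only)."""
    n, d = private
    return pow(_digest_int(message, n), d, n)


def verify(public, message: bytes, signature: int) -> bool:
    """Anyone checks the signature with the signer's PUBLIC key."""
    n, e = public
    return pow(signature, e, n) == _digest_int(message, n)


def factor_trial(n: int):
    """Brute-force factoring by trial division: the attack RSA relies on being infeasible."""
    for f in range(2, isqrt(n) + 1):
        if n % f == 0:
            return f, n // f
    raise ValueError("no factor found")


def recover_private_key(public):
    """Given only the public key, factor n and rebuild d. Instant for this toy modulus."""
    n, e = public
    p, q = factor_trial(n)
    return n, pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    maria_pub, maria_priv = keygen(10007, 10009)          # Maria's key pair (toy primes)
    c = encrypt(maria_pub, 4242)                           # Franco encrypts for Maria
    print(decrypt(maria_priv, c))                          # 4242
    print(recover_private_key(maria_pub) == maria_priv)    # True: the modulus factors in milliseconds
```

Trial division up to sqrt(n) takes about 10,000 steps here; for a 2048-bit modulus the same loop would need roughly 2^1024 steps, and even the best classical algorithms (the general number field sieve) remain infeasible at that size. That gap, not the algebra, is where RSA's security lives.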
HASH FUNCTION REQUIREMENTS
Good hash functions have five requirements:
1. They must allow input of any length.
2. Provide fixed-length output.
3. Make it relatively easy to compute the hash function for any input.
4. Provide one-way functionality.
5. Must be collision resistant (finding two inputs with the same hash must be infeasible).
CRYPTOGRAPHIC SALTS

Attackers may use rainbow tables of precomputed hash values to identify commonly used passwords.

A salt is random data that is used as an additional input to a one-way function that hashes a password or passphrase.

Adding salts to the passwords before hashing them reduces the effectiveness of rainbow table attacks.
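Salting in practice, as an added Python example that is not from the handout. It contrasts an unsalted SHA-256 password store, which a precomputed table matches instantly, with PBKDF2-HMAC-SHA256 records carrying a fresh random salt per user, so two users with the same password get different hashes and a rainbow table would have to be rebuilt for every salt. The wordlist and passwords are constructed for illustration; the iteration count is an assumption, not a recommendation from the handout.

```python
import hashlib
import hmac
import os


def unsalted_digest(password: str) -> str:
    """What a naive system stores: one plain SHA-256, identical for every user with that password."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_rainbow_table(wordlist) -> dict:
    """Precomputed digest -> password map; built once, reusable against every unsalted database."""
    return {unsalted_digest(w): w for w in wordlist}


def hash_password(password: str, salt: bytes = None, iterations: int = 600_000) -> str:
    """PBKDF2-HMAC-SHA256 with a fresh 16-byte random salt. The record carries everything
    needed to verify it later: algorithm, iteration count, salt, derived key."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())


def verify_password(password: str, record: str) -> bool:
    algo, iterations, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)   # constant-time compare


if __name__ == "__main__":
    table = build_rainbow_table(["letmein", "password123", "qwerty"])   # constructed wordlist
    print(table.get(unsalted_digest("password123")))                   # found instantly
    print(hash_password("password123") == hash_password("password123"))  # False: different salts
```

The salt is stored in the clear next to the hash; it is not a secret. Its job is to make every stored hash unique so precomputation does not pay off, while the iteration count makes each guess expensive. The constant-time comparison is there because a naive string comparison leaks how many leading bytes matched through timing, one of the side-channel attacks listed under objective 3.7.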
DIGITAL SIGNATURE STANDARD

The Digital Signature Standard uses the SHA-1, SHA-2, and SHA-3 message digest functions (SHA-1 is deprecated for generating new signatures).

Works in conjunction with one of three signature algorithms:
- Digital Signature Algorithm (DSA)
- Rivest, Shamir, Adleman (RSA) algorithm
- Elliptic Curve DSA (ECDSA) algorithm
PUBLIC KEY INFRASTRUCTURE

Certificate authorities (CAs) generate digital certificates containing the public keys of system users.
Users then distribute certificates to people with whom they want to communicate.
Certificate recipients verify a certificate using the CA's public key.

Certs are used for web, network, and some email security.
SECURING TRAFFIC
Standards for encrypted messages include the S/MIME protocol and Pretty Good Privacy (PGP).
The de facto standard for secure web traffic is the use of HTTP over Transport Layer Security (TLS), largely replacing the older SSL.
The IPsec protocol standard provides a common framework for encrypting network traffic and is built into many common operating systems.

IPSEC BASICS
A security architecture framework that supports secure communication over IP.
Establishes a secure channel in either transport mode or tunnel mode.
Can be used to establish direct communication between computers or over a VPN connection.
Uses two protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP).
COMMON CRYPTOGRAPHIC ATTACKS
Brute-force attacks try every possible key (or random guesses) until the correct one is found. Known plaintext, chosen ciphertext, and chosen plaintext attacks require the attacker to have some extra information in addition to the ciphertext.
Meet-in-the-middle attack exploits protocols that use two rounds of encryption (the reason double DES gives no real gain over single DES).
Man-in-the-middle attack fools both parties into communicating with the attacker instead of directly with each other.
Birthday attack is an attempt to find collisions in hash functions.
Replay attack is an attempt to reuse authentication requests.
DIGITAL RIGHTS MANAGEMENT
Allows content owners to enforce restrictions on the use of their content by others.
Commonly protects entertainment content, such as music, movies, and e-books.
Occasionally found in the enterprise, protecting sensitive information stored in documents.
CRYPTOGRAPHY – SYMMETRIC ALGORITHMS

NAME      TYPE        ALGORITHM TYPE                 BLOCK SIZE (bits)   KEY SIZE (bits)                 STRENGTH
AES       Symmetric   Block cipher                   128                 128, 192, 256                   Strong
Blowfish  Symmetric   Block cipher                   64                  32-448                          -
DES       Symmetric   Block cipher                   64                  56                              Very weak
3DES      Symmetric   Block cipher                   64                  112 or 168                      Moderate
IDEA      Symmetric   Block cipher                   64                  128                             -
RC2       Symmetric   Block cipher                   64                  128 (variable)                  -
RC4       Symmetric   Stream cipher                  Streaming           128 (variable)                  Weak (deprecated)
RC5       Symmetric   Block cipher (RSA Security)    32, 64, 128         0 - 2,040                       Strong
RC6       Symmetric   Block cipher (RSA Security)    128                 128, 192, 256 (up to 2,040)     Very Strong
Skipjack  Symmetric   Block cipher                   64                  80                              -
Twofish   Symmetric   Block cipher                   128                 128, 192, 256                   -
CRYPTOGRAPHY – HASH ALGORITHMS

NAME       TYPE                          HASH VALUE LENGTH (bits)     STILL IN USE?   REPLACED BY
HMAC       Keyed hash (MAC construction) Variable (that of the hash)  Yes             -
HAVAL      Hash                          128, 160, 192, 224, 256      No              -
MD2        Hash (Message Digest)         128                          No              SHA-2 family (MD6 was proposed but never widely adopted)
MD4        Hash (Message Digest)         128                          No              SHA-2 family
MD5        Hash (Message Digest)         128                          No              SHA-2 family
SHA-1      Hash (Secure Hash Algorithm)  160                          No              SHA-2
SHA-224*   Hash                          224                          Yes             -
SHA-256*   Hash                          256                          Yes             -
SHA-384*   Hash                          384                          Yes             -
SHA-512*   Hash                          512                          Yes             -

*SHA-2 variants
THE THREE MAJOR PUBLIC KEY CRYPTOSYSTEMS
RSA
is the most famous public key cryptosystem; it was developed by Rivest, Shamir, and Adleman in 1977. It depends on the difficulty of factoring the product of two large prime numbers.

El Gamal
is an extension of the Diffie-Hellman key exchange algorithm that depends on modular arithmetic (less common than RSA in the last several years).

Elliptic curve
depends on the elliptic curve discrete logarithm problem and provides more security than other algorithms when both are used with keys of the same length.
DIGITAL SIGNATURES

Rely on public key cryptography and hashing functions.
DS algorithms suitable for use in FIPS 186-4 (the Digital Signature Standard) must use SHA-2 hashing functions.

Three currently approved signature algorithms:
- Digital Signature Algorithm (DSA), as specified in FIPS 186-4
- Rivest, Shamir, Adleman (RSA), specified in ANSI X9.31
- Elliptic Curve DSA (ECDSA), specified in ANSI X9.62
(Note: the successor FIPS 186-5, published in 2023, adds EdDSA and no longer approves DSA for generating new signatures.)
CRYPTOGRAPHY – ASYMMETRIC ALGORITHMS

NAME            TYPE         ALGORITHM TYPE               KEY SIZE (bits)                                  STRENGTH      REPLACED BY
RSA             Asymmetric   Key transport, signatures    Variable; 2048+ today (512-bit moduli are broken) Strong        -
Diffie-Hellman  Asymmetric   Key exchange                 Variable (group size)                            Moderate      - (still widely used, especially as ECDH)
El Gamal        Asymmetric   Encryption/signatures (DH-based) Variable                                     Very Strong   -
ECC             Asymmetric   Elliptic curve               Variable; much smaller keys (160-bit EC ~ 1024-bit RSA) Very Strong   -
FROM POLICY TO IMPLEMENTATION (layered view)
  Security Policy     -> ISO, NIST, FIPS
  Security Model      -> Bell-LaPadula, Biba, State Machine
  Programming Code    -> Python, Java, C#
  Operating System    -> Windows, Linux, UNIX

Security models are used to determine how security will be implemented, what subjects can access the system, and what objects they will have access to. They are a way to formalize security policy.
Typically implemented by enforcing integrity, confidentiality, or other controls.
Each of these models lays out broad guidelines and is not specific in nature.
It is up to the developer to decide how these models will be used and integrated into specific designs.
DOMAIN 3 : SECURITY MODEL

WHAT IS THE PURPOSE OF A SECURITY MODEL?
Provides a way for designers to map abstract statements into a security policy.
Determines how security will be implemented, what subjects can access the system, and what objects they will have access to.
STATE MACHINE MODEL
Describes a system that is always secure no matter what state it is in.
Based on the computer science definition of a finite state machine (FSM).
A state is a snapshot of a system at a specific moment in time. All state transitions must be evaluated.
If each possible state transition results in another secure state, the system can be called a secure state machine.

INFORMATION FLOW MODEL
Focuses on the flow of information.
Information flow models are based on a state machine model.
Biba and Bell-LaPadula are both information flow models.
Bell-LaPadula focuses on preventing information flow from a high security level to a low security level.
Biba focuses on preventing information flow from a low integrity level to a high integrity level.

NON-INTERFERENCE MODEL
Is loosely based on the information flow model.
Is concerned with how actions of a subject at a higher security level affect the system state or the actions of a subject at a lower security level.
Ensures that the actions of different objects and subjects aren't seen by (and don't interfere with) other objects and subjects on the same system.

LATTICE-BASED MODEL
Based on the interaction between any combination of objects (such as resources, computers, and applications) and subjects (such as individuals, groups or organizations).
Lattice-based models are used to define the levels of security that an object may have and that a subject may have access to.
SECURITY MODELS
Three properties that will be mentioned repeatedly when talking about security models.
Simple security property: describes rules for read.
Star (*) security property: describes rules for write.
Invocation property: rules around invocations (calls), such as to subjects.
SECURITY MODELS (government / DoD)

Biba: no read down, no write up (integrity)
Bell-LaPadula: no read up, no write down (confidentiality)
Clark-Wilson: access control triple
Brewer and Nash: aka "Chinese Wall"
Goguen-Meseguer: the noninterference model
Take-Grant: employs a "directed graph"
Sutherland: preventing interference (information flow and state machine model)
DOMAIN 3 : SECURITY MODELS – BELL-LAPADULA

Lattice-based, state machine model that enforces confidentiality.
Uses mandatory access control (MAC) to enforce the DoD multilevel security policy (government!).
Simple security property: a subject cannot read data at a higher level of classification. "No read up"
Star (*) security property: a subject cannot write information to a lower level of classification. "No write down"
SECURITY MODELS – BELL-LAPADULA

Mnemonic: "No Running Under Nets With Dingos" (No Read Up, No Write Down)

Levels: Top Secret / Secret / Confidential / Unclassified
A subject cleared at Secret cannot READ objects at higher classifications (no read up) and cannot WRITE data into a lower classification document (no write down).
DOMAIN 3 : SECURITY MODELS – BIBA

A lattice-based model developed to address concerns of integrity.
Simple integrity property: a subject at one level of integrity is not permitted to read an object of lower integrity. "No read down"
Star (*) integrity property: a subject at one level of integrity is not allowed to write to an object of higher integrity. "No write up"
Invocation property: prohibits a subject at one level of integrity from invoking a subject at a higher level of integrity.

Levels: Top Secret / Secret / Confidential / Unclassified (integrity levels pictured the same way as classifications)
A subject at Secret cannot READ objects at lower levels (no read down) and cannot WRITE data into a higher-level document (no write up).
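Bell-LaPadula and Biba as executable rules over a lattice of labels, added here as an example that is not from the handout. Labels combine a classification level with a set of compartments, so some pairs are incomparable, which is what makes the models lattice-based rather than a simple ladder. A small reference monitor mediates every request against one policy and keeps an audit trail, and a helper checks a sequence of transitions the way a secure state machine would. The subjects, objects and compartment names are constructed for illustration.

```python
from dataclasses import dataclass, field

LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass(frozen=True)
class Label:
    """A lattice element: a hierarchical level plus a set of compartments (categories)."""
    level: str
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        # Partial order of the lattice: higher-or-equal level AND a superset of compartments.
        # Two labels can be incomparable, e.g. Secret{CRYPTO} vs Secret{NUCLEAR}.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def bell_lapadula(subject: Label, obj: Label, op: str) -> bool:
    """Confidentiality: no read up (simple security), no write down (* property)."""
    if op == "read":
        return subject.dominates(obj)
    if op == "write":
        return obj.dominates(subject)
    raise ValueError("unknown operation: " + op)


def biba(subject: Label, obj: Label, op: str) -> bool:
    """Integrity: no read down (simple integrity), no write up (* integrity), no invoke up."""
    if op == "read":
        return obj.dominates(subject)
    if op in ("write", "invoke"):
        return subject.dominates(obj)
    raise ValueError("unknown operation: " + op)


class ReferenceMonitor:
    """Mediates every access against one policy and logs each decision: the TCB's
    reference monitor concept, with the policy function standing in for the security kernel."""

    def __init__(self, policy):
        self.policy = policy
        self.audit = []

    def request(self, who: str, subject: Label, obj: Label, op: str) -> bool:
        allowed = self.policy(subject, obj, op)
        self.audit.append((who, op, subject.level, obj.level, allowed))
        return allowed


def all_transitions_secure(policy, subject: Label, requests) -> bool:
    """State-machine view: the system stays secure only if every transition is allowed."""
    return all(policy(subject, obj, op) for obj, op in requests)


if __name__ == "__main__":
    analyst = Label("Secret", frozenset({"CRYPTO"}))
    ts_doc = Label("Top Secret", frozenset({"CRYPTO"}))
    rm = ReferenceMonitor(bell_lapadula)
    print(rm.request("analyst", analyst, ts_doc, "read"))    # False: no read up
    print(rm.request("analyst", analyst, ts_doc, "write"))   # True: writing up is permitted
```

Notice that the two models are the same pair of rules with the direction reversed, which is why a system that wants both confidentiality and integrity must keep separate label sets for each; applying both policies to one label would leave a subject able to read and write only at exactly its own level.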
DOMAIN 3 : SECURITY MODELS – CLARK-WILSON

Uses security labels to grant access to objects, but modifications happen only through transformation procedures.
- Constrained data item (CDI): any data item whose integrity is protected by the security model.
- Unconstrained data item (UDI): any data item that is not controlled by the security model.
- Integrity verification procedure (IVP): a procedure that scans data items and confirms their integrity.
- Transformation procedures (TPs): the only procedures that are allowed to modify a CDI.

What is the access control triple (triplet)?

  Authenticated Principal (user)  ->  Programs (transformation procedures)  ->  Data Items (UDIs and CDIs)
  Subjects                                                                       Objects

The relationship between an authenticated principal (i.e., user) and a set of programs (i.e., TPs) that operate on a set of data items (e.g., UDIs and CDIs).
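The Clark-Wilson access control triple enforced in code, as an added example that is not from the handout. A CDI can change only through a registered TP, a TP runs only for an authorized (principal, TP, CDI) triple, UDIs are validated by the TP before they can affect a CDI, and an IVP detects any modification that bypassed the TPs. The ledger scenario is constructed for illustration.

```python
import hashlib


def _fingerprint(value) -> str:
    return hashlib.sha256(repr(value).encode()).hexdigest()


class ClarkWilson:
    """Integrity through well-formed transactions: CDIs change only via registered TPs,
    TPs run only for (principal, TP, CDI) triples that were authorized, and an IVP can
    later confirm that nothing touched a CDI behind the model's back."""

    def __init__(self):
        self.cdis = {}          # name -> current value (constrained data items)
        self.certified = {}     # name -> fingerprint recorded by the last legitimate TP
        self.tps = {}           # TP name -> function(old_value, *udis) -> new_value
        self.triples = set()    # authorized (principal, tp, cdi) access control triples
        self.log = []           # every TP run is recorded (auditability)

    def register_cdi(self, name: str, value) -> None:
        self.cdis[name] = value
        self.certified[name] = _fingerprint(value)

    def register_tp(self, name: str, fn) -> None:
        self.tps[name] = fn

    def authorize(self, principal: str, tp: str, cdi: str) -> None:
        self.triples.add((principal, tp, cdi))

    def can(self, principal: str, tp: str, cdi: str) -> bool:
        return (principal, tp, cdi) in self.triples

    def run(self, principal: str, tp: str, cdi: str, *udis):
        """Apply a TP to a CDI. Extra arguments are UDIs (untrusted input); the TP must
        validate them before they influence the CDI. Raises on any rule violation."""
        if not self.can(principal, tp, cdi):
            raise PermissionError("%s may not run %s on %s" % (principal, tp, cdi))
        if self.certified[cdi] != _fingerprint(self.cdis[cdi]):
            raise RuntimeError("CDI %s failed integrity check; refusing to operate on it" % cdi)
        new_value = self.tps[tp](self.cdis[cdi], *udis)   # TP raises if a UDI is invalid
        self.cdis[cdi] = new_value
        self.certified[cdi] = _fingerprint(new_value)
        self.log.append((principal, tp, cdi, udis))
        return new_value

    def ivp(self) -> list:
        """Integrity verification procedure: names of CDIs whose value no longer
        matches what the last well-formed transaction left behind."""
        return [name for name, value in self.cdis.items()
                if self.certified[name] != _fingerprint(value)]


def deposit(balance: int, amount) -> int:
    """A TP: validates the UDI (amount) and produces a new, consistent CDI value."""
    if not isinstance(amount, int) or amount <= 0:
        raise ValueError("deposit amount must be a positive integer")
    return balance + amount


if __name__ == "__main__":
    ledger = ClarkWilson()                        # constructed bank-ledger scenario
    ledger.register_cdi("balance", 100)
    ledger.register_tp("deposit", deposit)
    ledger.authorize("alice", "deposit", "balance")
    print(ledger.run("alice", "deposit", "balance", 50))   # 150
    ledger.cdis["balance"] = 10 ** 6              # tampering outside any TP
    print(ledger.ivp())                           # ['balance']
```

Separation of duties falls out of the triples naturally: the person authorized to run the "deposit" TP need not be the one authorized to run an "approve" TP on the same CDI, and nobody is authorized to edit the CDI directly.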
DOMAIN 3 : SECURITY MODELS – TAKE-GRANT, BREWER AND NASH, GRAHAM-DENNING

Take-Grant: another confidentiality-based model that supports four basic operations: take, grant, create, and revoke.

Brewer and Nash: also called the "Chinese Wall model". It was developed to prevent conflict of interest (COI) problems. (confidentiality-based)

Graham-Denning: this model uses a formal set of protection rules for which each object has an owner and a controller. It is focused on the secure creation and deletion of both subjects and objects. A collection of eight primary protection rules or actions:
1. Securely create an object.
2. Securely create a subject.
3. Securely delete an object.
4. Securely delete a subject.
5. Securely provide the read access right.
6. Securely provide the grant access right.
7. Securely provide the delete access right.
8. Securely provide the transfer access right.
DOMAIN 3 : SECURITY MODES

Dedicated Mode
Security clearance that permits access to ALL info processed by system, approval for ALL
info processed by system, valid need-to-know for ALL info processed by system.
Multilevel Mode
Can process information at different levels even when all system users do not have the
required security clearance to access all information processed by the system.
System High Mode
Each user must have valid security clearance, access approval for ALL info processed by
system, and valid need-to-know for at least SOME info on the system. Offers most
granular control over resources and users of these models.
Compartmented Mode
Goes one step further than System High. Each user must have valid security clearance,
access approval for ALL INFO processed by system, but requires valid need-to-know for
ALL INFO they will have access to on the system.
DOMAIN 3 : TRUSTED COMPUTING BASE

The TCB is a combination of hardware, software, and controls that work together to form a "trusted base" to enforce your security policy.
It is a subset of the complete information system, and the only portion that can be trusted to adhere to and enforce your security policy.
The security perimeter is an imaginary boundary that separates the TCB from the rest of the system.
The TCB must create secure channels (aka "trusted paths") to communicate with the rest of the system.
These trusted paths protect users (aka subjects) from compromise as a result of TCB interchange.
reference monitor & security kernel

Reference monitor (enforces access control): the logical part of the TCB that confirms whether a subject has the right to use a resource prior to granting access.

Security kernel (implements access control): the collection of the TCB components that implement the functionality of the reference monitor.
DOMAIN 3 : TCSEC, ITSEC, and COMMON CRITERIA

Common Criteria (ISO-IEC 15408)
The Common Criteria enable an objective evaluation to validate that a particular product or system satisfies a defined set of security requirements.

TCSEC (Trusted Computer System Evaluation Criteria)
A structured set of criteria for evaluating computer security within products and systems.

ITSEC (Information Technology Security Evaluation Criteria)
The ITSEC represents an initial attempt to create security evaluation criteria in Europe. ITSEC uses two scales to rate functionality and assurance.

CC has replaced or superseded both TCSEC and ITSEC.
DOMAIN 3 : COMMON CRITERIA (ISO-IEC 15408)

Figure: the Common Criteria evaluation cycle (repeated as the system and environment objectives evolve):
1. Description of assets, assumptions, and security policies
2. Identification of threats
3. Analysis and rating of threats
4. Determination of security objectives
5. Selection of security functional requirements
Inputs to the cycle: system and environment objectives; safety risk analysis.

TWO FLAVORS
community Protection Profile (cPP): black box
Evaluation Assurance Level (EAL): white box
DOMAIN 3 : TCSEC, ITSEC, and COMMON CRITERIA

Comparison of security evaluation standards

TCSEC   ITSEC      CC           Description
D       F-D+E0     EAL0, EAL1   Minimal/no protection
C1      F-C1+E1    EAL2         Discretionary security mechanisms
C2      F-C2+E2    EAL3         Controlled access protection
B1      F-B1+E3    EAL4         Labeled security protection
B2      F-B2+E4    EAL5         Structured security protection
B3      F-B3+E5    EAL6         Security domains
A1      F-B3+E6    EAL7         Verified security design
DOMAIN 3 : COVERT CHANNELS

A method that is used to pass information over a path that is not normally used for communication.
Because it's not normally used, it may not be protected by the system's normal security controls.
Two types: covert timing channel and covert storage channel.
Hard to detect because it's outside normal communication channels.
SECURITY MODELS, DESIGN, CAPABILITIES

Trusted Platform Module (TPM): a chip that resides on the motherboard of the device.
Multi-purpose, like storage and management of keys used for full disk encryption (FDE) solutions.
Provides the operating system with access to keys, but prevents drive removal and data access.
DOMAIN 3 : TYPES OF ACCESS CONTROL

Mandatory Access Control
Enforces an access policy that is determined by the system, not the object owner. Relies on classification labels that are representative of security domains and realms.

Discretionary Access Control
Permits the owner or creator of an object to control and define its accessibility, because the owner has full control by default.

Non-discretionary Access Control
Enables the enforcement of system-wide restrictions that override object-specific access control.
DOMAIN 3 : ACCESS CONTROL

Role-based access control (RBAC) uses a well-defined collection of named job roles to endow each one with specific permissions, thereby seeking to ensure that users who occupy such roles can access what they need to get their jobs done.
DOMAIN 3 : MAC MODEL CLASSIFICATIONS

Hierarchical environment
Various classification labels are assigned in an ordered structure from low security to medium security to high security.

Compartmentalized environment
Requires specific security clearances over compartments or domains instead of objects.

Hybrid environment
Contains levels with compartments that are isolated from the rest of the security domain. Combines both hierarchical and compartmentalized environments so that security levels have subcompartments.

DOMAIN 3 : MANDATORY ACCESS CONTROL

A key point about the MAC model is that every object and every subject has one or more labels. These labels are predefined, and the system determines access based on assigned labels.
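An added example, not from the original deck, of how a system decides access from labels alone in a hybrid MAC environment: each label carries a hierarchical level and a set of compartments, and one label dominates another only when both parts dominate. The read/write rules applied here are the confidentiality (Bell-LaPadula) rules; the levels, compartments, documents and clearances are constructed for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

# Hierarchical environment: an ordered set of classification levels.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """Hybrid environment label: a hierarchical level plus zero or more compartments."""
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice ordering: my level is at least as high AND I hold every compartment other has."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    # Confidentiality rule (Bell-LaPadula simple security): no read up.
    # The subject's clearance must dominate the object's classification.
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    # Confidentiality rule (Bell-LaPadula * property): no write down.
    # The object's classification must dominate the subject's clearance.
    return obj.dominates(subject)


def mac_decide(subject: Label, operation: str, obj: Label) -> bool:
    """System-determined decision: only the labels matter, never the object's owner."""
    rules = {"read": can_read, "write": can_write}
    if operation not in rules:
        raise ValueError(f"unknown operation: {operation}")
    return rules[operation](subject, obj)


def evaluate(requests: List[Tuple[str, Label, str, str, Label]]) -> List[Tuple[str, str, str, bool]]:
    """Decide a batch of (subject name, clearance, op, object name, classification)."""
    return [(s, op, o, mac_decide(sl, op, ol)) for s, sl, op, o, ol in requests]


# Constructed clearances and classifications (not from the original deck).
ANALYST = Label("SECRET", frozenset({"CRYPTO"}))
DOC_SECRET_CRYPTO = Label("SECRET", frozenset({"CRYPTO"}))
DOC_CONFIDENTIAL = Label("CONFIDENTIAL")
DOC_SECRET_NUCLEAR = Label("SECRET", frozenset({"NUCLEAR"}))
DOC_TS_CRYPTO = Label("TOP SECRET", frozenset({"CRYPTO"}))
DOC_PUBLIC = Label("UNCLASSIFIED")

SAMPLE_REQUESTS = [
    ("analyst", ANALYST, "read", "secret/crypto", DOC_SECRET_CRYPTO),    # same label: allow
    ("analyst", ANALYST, "read", "confidential", DOC_CONFIDENTIAL),      # read down: allow
    ("analyst", ANALYST, "read", "secret/nuclear", DOC_SECRET_NUCLEAR),  # missing compartment: deny
    ("analyst", ANALYST, "read", "ts/crypto", DOC_TS_CRYPTO),            # read up: deny
    ("analyst", ANALYST, "write", "public", DOC_PUBLIC),                 # write down: deny
    ("analyst", ANALYST, "write", "ts/crypto", DOC_TS_CRYPTO),           # write up: allow
]

if __name__ == "__main__":
    for subject, op, obj, allowed in evaluate(SAMPLE_REQUESTS):
        print(f"{subject} {op:<5} {obj:<15} -> {'ALLOW' if allowed else 'DENY'}")
```

The third request is the compartmentalized case the slide describes: the analyst's level equals the document's level, yet access is denied because the NUCLEAR compartment is not in the clearance. Level alone never decides access in a hybrid environment.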
security models, design, and capabilities

Certification: the technical evaluation of each part of a computer system to assess its concordance (agreement, alignment) with security standards.

Accreditation: the process of formal acceptance of a certified configuration from a designated authority.
security models, design, and capabilities

Open systems are designed using industry standards and are usually easy to integrate with other open systems.

Closed systems are generally proprietary hardware and/or software. Their specifications are not normally published, and they are usually harder to integrate with other systems.

Ensuring confidentiality, integrity, availability
Confinement restricts a process to reading from and writing to certain memory locations.
Bounds are the limits of memory a process cannot exceed when reading or writing.
Isolation is the mode a process runs in when it is confined through the use of memory bounds.
factors of authentication

MFA
Something you know (pin or password)
Something you have (trusted device)
Something you are (biometric)
authentication & authorization

Identity -> AuthN and AuthZ -> Access

Authentication (AuthN) is the process of proving that you are who you say you are.
Authorization (AuthZ) is the act of granting an authenticated party permission to do something.
Permissions, rights, and privileges are then granted to users based on their proven identity. If a user has rights to a resource, they are granted authorization.
Authentication can be achieved with both symmetric and asymmetric cryptosystems.
Multitasking and Multithreading

Multitasking: the simultaneous execution of more than one application on a computer; it is managed by the operating system.
Multithreading: permits multiple concurrent tasks to be performed within a single process.
multiprocessing and Multiprogramming

Multiprocessing: the use of more than one processor to increase computing power.
Multiprogramming: similar to multitasking but takes place on mainframe systems and requires specific programming.
single-state and multistate processors

Single-state processors are capable of operating at only one security level at a time, whereas multistate processors can simultaneously operate at multiple security levels.
processor operating modes

Applications operate in a limited instruction set environment known as user mode.
Controlled operations are performed in privileged mode, also known as system mode, kernel mode, and supervisory mode.
DOMAIN 3 : MEMORY

Read-only Memory (ROM). Read-only. Contents burned in at factory.
RAM. Static RAM (SRAM) uses flip-flops, dynamic RAM (DRAM) uses capacitors.
PROM. Programmable chip similar to ROM, with several sub-types (described here).
EPROM. Erasing, Clearing (overwriting w/ unclassified data).
DOMAIN 3 : MEMORY

There are two main subcategories of EPROM, which are UVEPROM and EEPROM.
Ultraviolet EPROM (UVEPROM) chips have a small window that, when illuminated with a special ultraviolet light, erases contents.
Electronically Erasable PROM (EEPROM) uses electric voltages delivered to the pins of the chip to force erasure (a more flexible alternative to UVEPROM).
Flash Memory. Derivative concept from EEPROM: nonvolatile, can be electronically erased and
security issues with storage

Primary storage is the same as memory.
Secondary storage consists of magnetic, flash, and optical media that must be first read into primary memory before the CPU can use the data.
Random access storage devices can be read at any point.
Sequential access storage devices require scanning through all the data physically stored before the desired location.
security issues with storage

Three main security issues surrounding secondary storage devices:
1. Removable media can be used to steal data.
2. Access controls and encryption must be applied to protect data.
3. Data can remain on the media even after file deletion or media formatting.
security risks of input & output devices

Subject to eavesdropping and tapping, used to smuggle data out of an organization, or used to create unauthorized, insecure points of entry into an organization's systems and networks.
The purpose of firmware

Software stored on a ROM chip, containing basic instructions needed to start a computer. Also used to provide operating instructions in peripheral devices such as printers.
vulnerabilities, threats, & countermeasures

Process isolation
ensures that individual processes can access only their own data.
Layering
creates different realms of security within a process and limits communication between them.
Abstraction
creates "black-box" interfaces for programmers to use without requiring knowledge of an algorithm's or device's inner workings.
Data hiding
prevents information from being read from a different security level.
Hardware segmentation
enforces process isolation with physical controls.
The ROLE of SECURITY POLICY

The role is to inform and guide the design, development, implementation, testing, and maintenance of some particular system.
vulnerabilities, threats, & countermeasures

Cloud computing
the concept of computing where processing and storage are performed elsewhere over a network connection rather than locally. (Azure, Amazon, GCP)

Sensitive & confidential data can be at risk IF the cloud provider and their personnel do not adhere to the same security standards as your organization.
Hypervisors

The hypervisor, also known as a virtual machine monitor (VMM), is the component of virtualization that creates, manages, and operates the virtual machines (VMs).

Type I hypervisor
A native or bare-metal hypervisor. In this configuration, there is no host OS; instead, the hypervisor installs directly onto the hardware where the host OS would normally reside.

Type II hypervisor
A hosted hypervisor. In this configuration, a standard regular OS is present on the hardware, and the hypervisor is then installed as another software application.
cloud access security broker

What is a CASB? A cloud access security broker (CASB) is a security policy enforcement solution that may be installed on-premises or in the cloud.

shadow IT
A cloud provider concept in which security is provided to an organization through or by an online entity.
DOMAIN 3 : SECURITY ARCHITECTURE & ENGINEERING

smart devices
Mobile devices that offer customization options, typically through installing apps, and may use on-device or in-the-cloud artificial intelligence (AI) processing.

internet of things
A class of devices connected to the internet in order to provide automation, remote control, or AI processing in a home or business setting.
mobile device and mobile app security

Mobile device security
the range of potential security options or features that may be available for a mobile device. Security features include full device encryption, remote wiping, lockout, screen locks, GPS, application control, etc.

Understand mobile application security
the applications and functions used on a mobile device need to be secured. Related concepts include key management, credential management, authentication, geotagging, encryption, application whitelisting, and transitive trust/authentication.

Bring your own device (BYOD)
is a policy that allows employees to use their own personal mobile devices to work to access business information and resources. May improve employee morale and job satisfaction, but it increases security risks to the organization.
embedded systems & static environments

Embedded system
is typically designed around a limited set of specific functions in relation to the larger product of which it's a component.

Static environments
are applications, OSs, hardware sets, or networks that are configured for a specific need, capability, or function, and then set to remain unaltered.

Both need security management. These techniques may include network segmentation, security layers, application firewalls, manual updates, firmware version control, wrappers, and control redundancy and diversity.
privilege & accountability

Principle of least privilege
ensures that only a minimum number of processes are authorized to run in supervisory mode.

Separation of privilege
increases the granularity of secure operations.

Accountability
ensures that an audit trail exists to trace operations back to their source.
common flaws & vulnerabilities

Buffer overflow
occurs when the programmer fails to check the size of input data prior to writing the data into a specific memory location.

In addition to buffer overflows, programmers can leave back doors and privileged programs on a system after it is deployed.

Even well-written systems can be susceptible to time-of-check-to-time-of-use (TOCTTOU) attacks. Any state change presents an opportunity for an attacker to compromise a system.
functional order of security controls

Deterrence, Denial, Detection, Delay
Deter -> Deny -> Detect -> Delay -> Determine -> Decide
physical security controls
Physical security controls can be divided into three groups:
Administrative
also known as management controls and include policies and procedures, like
site management, personnel controls, awareness training, and emergency
response and procedures.
Logical
also known as technical controls and are implemented through technology
like access controls, intrusion detection, alarms, CCTV, monitoring, HVAC,
power supplies, and fire detection and suppression.
Physical
use physical means to protect objects and includes fencing, lighting, locks,
construction materials, access control vestibules (mantraps), dogs, and
guards.
physical security requirements

Know the logical controls for physical security
Technical controls for physical security include:
- access controls
- intrusion detection
- alarms
- CCTV and monitoring
- HVAC
- power supplies
- fire detection and suppression

Know administrative controls for physical security
Administrative controls for physical security include:
- facility construction
- facility selection
- site management
- personnel controls
- awareness training
- emergency response
- emergency procedure

Know the physical controls for physical security
Physical controls for physical security include:
- fencing
- lighting
- locks
- construction materials
- mantraps
- dogs
- guards
physical security requirements

There is no security without physical security.
Without control over the physical environment, no amount of administrative or technical/logical access controls can provide adequate security.
If a malicious person can gain physical access to your facility or equipment, they can do just about anything they want, from destruction to disclosure and alteration.
physical security controls

Fences
3-4 feet: deters casual trespasser
6-7 feet: too hard to climb easily
8 feet (w/ barbed wire): will deter intruders

Lighting
8 feet high with 2 feet candle power

Power
Blackout: prolonged loss of power
Brownout: prolonged low voltage
Fault: short loss of power
Surge: prolonged high voltage
Spike: temporary high voltage
Sag: temporary low voltage

Environment
Humidity: 40% – 60% ideal
Temps: for computers 60-75F (15-23C), damage at 175F. Magnetic storage devices damaged at 100F.
humidity and static electricity

Too much humidity can cause corrosion. Too little humidity causes static electricity. Even on nonstatic carpet, low humidity can generate a 20,000-volt static discharge!
fire and suppression agents

Class A (ASH) – fires are common combustibles such as wood, paper, etc. This type of fire is the most common and should be extinguished with water or soda acid.

Class B (BOIL) – fires are burning alcohol, oil, and other petroleum products such as gasoline. They are extinguished with gas or soda acid. You should never use water to extinguish a class B fire.

Class C (CONDUCTIVE) – fires are electrical fires which are fed by electricity and may occur in equipment or wiring. Electrical fires are conductive fires, and the extinguishing agent must be non-conductive, such as any type of gas.

Class D (DILYTHIUM) – fires are burning metals and are extinguished with dry powder.

Class K (KITCHEN) – fires are kitchen fires, such as burning oil or grease. Wet chemicals are used to extinguish class K fires.
fire extinguisher classes

Fire extinguishers and suppression agents

Class   Type                  Suppression material
A       Common combustibles   Water, soda acid (a dry powder or liquid chemical)
B       Liquids               CO2, halon, soda acid
C       Electrical            CO2, halon
D       Metal                 Dry powder
K       Kitchen               Wet chemicals
voltage and noise

Electromagnetic interference
• Common mode noise. Generated by the difference in power between the hot and ground wires of a power source operating electrical equipment.
• Traverse mode noise. Generated by a difference in power in the hot and neutral wires of a power source operating electrical equipment.

Radio frequency interference (RFI)
is the source of interference that is generated by electrical appliances, light sources, electrical cables and circuits, and so on.

Static Voltage   Possible Damage
40               Destruction of sensitive circuits and other components
1,000            Scrambling of monitor displays
1,500            Destruction of hard drive data
2,000            Abrupt system shutdown
4,000            Printer jam or component damage
17,000           Permanent circuit damage
damage from fire and fire suppression

The destructive elements of a fire include smoke and heat but also the suppression medium, such as water or soda acid.
Smoke is damaging to most storage devices.
Heat can damage any electronic or computer component.
Suppression mediums can cause short circuits, initiate corrosion, or otherwise render equipment useless.

All of these issues must be addressed when designing a fire
water suppression systems
(good for areas with people + computers)

Preaction systems use closed sprinkler heads, and the pipe is charged with compressed air instead of water. The water is held in check by an electrically-operated sprinkler valve and the compressed air.

Wet pipe systems are filled with water. Dry pipe systems contain compressed air until fire suppression systems are triggered, and then the pipe is filled with water; and flame activated sprinklers trigger when a predefined temperature is reached.

Dry pipe systems also have closed sprinkler heads; the difference is the pipes are filled with compressed air. The water is held back by a valve that remains closed as long as sufficient air pressure remains in the pipes. Often used in areas where water may freeze, such as parking garages.

Deluge systems are similar to dry pipes, except the sprinkler heads are open and larger than dry pipe heads. The pipes are empty at normal air pressure;
gas discharge systems

Usually more effective than water discharge systems, but should not be used in environments where people are located, because they work by removing oxygen from the air.

Halon is effective, but bad for the environment (ozone-depleting), and turns to toxic gas at 900F. Suitable replacements include:
• FM-200 (HFC-227ea)
• CEA-410 or CEA-308
• NAF-S-III (HCFC Blend A)
• FE-13 (HCFC-23)
• Argon (IG55) or Argonite (IG01)
• Inergen (IG541)
• Aero-K
lock types

Electronic Combination Locks (aka Cipher lock): something you know
Key Card Systems: something you have
Biometric Systems: something you are
Conventional Locks: easily picked/bumped, and keys easily duplicated
Pick-and-Bump Resistant Locks: expensive, harder to pick, and keys not easily duplicated
facility design specifications

Remember what locks can be picked and which need to be bumped.
Remember how high lights and fences need to be.
Know the different physical controls related to entry (mantrap, bollard).
site selection & facility design

Know key elements in site selection and facility design.
For site selection: visibility, composition of the surrounding area, area accessibility, and the effects of natural disasters.
For facility design: understanding the level of security needed by your organization and planning for it before construction begins.
secure work area design and configuration

Know how to design and configure secure work areas.
There should not be equal access to all locations within a facility. Areas with high-value assets require restricted access.
Valuable and confidential assets should be located in the heart or center of protection provided by a facility.
Centralized server or computer rooms need not be human compatible.
threats to physical access controls

No matter which physical access control is used, a security guard or other monitoring system must be deployed to prevent:
Abuses of physical access control, which include propping open secured doors and bypassing locks or access controls.
Masquerading, which is using someone else's security ID to gain entry to a facility.
Piggybacking, which is following someone through a secured gate or doorway without being identified or
securing a wiring closet

Know the security concerns of a wiring closet.
This is where the networking cables for a floor or even a whole building are connected to essential equipment, such as patch panels, switches, routers, and backbone channels.
Most security focuses on preventing physical unauthorized access. If an unauthorized intruder gains access, they may steal equipment, pull/cut cables, or plant a listening device.
physical security requirements

Understand how to handle visitors in a secure facility.
If a facility employs restricted areas to control physical security, then a mechanism to handle visitors is required.
Often an escort is assigned to visitors, and their access and activities are monitored closely.
Track the actions of outsiders when they are granted access to prevent malicious activity against the most protected assets.
physical security requirements

Understand the needs for media storage.
Media storage facilities should be designed to securely store blank, reusable, and installation media.
Concerns include theft, corruption, and data remnant recovery.
Media storage facility protections include:
- locked cabinets or safes
- using a librarian/custodian
- implementing a check-in/check-out process
- using media sanitization
evidence storage
Understand the concerns for evidence storage
Used to retain logs, drive images, virtual machine snapshots,
and other datasets for recovery, internal investigations, and
forensic investigations.
Protections for evidence storage include:
- locked cabinets or safes
- dedicated/isolated storage facilities
- offline storage
- access restrictions and activity tracking
- hash management and encryption
Audit trails and access logs

Audit trails and access logs are useful tools for managing physical access control.
Creation: may need to be created manually by security guards or may be generated automatically with the right equipment (smartcards and certain proximity readers).
Monitoring: you should also consider monitoring entry points with CCTV. Through CCTV, you can compare the audit trails and access logs with a visually recorded history of the events.

Why are these important? Such information is critical to reconstructing the events of an intrusion, breach, or attack.
the need for clean power

Power supplied by electric companies is not always consistent and clean.
Most electronic equipment requires clean power in order to function properly and avoid damage.

A UPS is a type of self-charging battery that can be used to
- supply consistent, clean power to sensitive equipment.
- supply power for minutes or hours (depending on its size) in the event of power failure.