Archive for the 'CISSP' Category


CISSP notes – Ch. 1 – Access Control..

Nov 27, 2008 in CISSP, Security, Uncategorized

From: CISSP Training Guide by Roberta Bragg

CISSP Training Guide

Confidentiality – Disclosure
Integrity – Alteration
Availability – Destruction

CIA: Confidentiality, Integrity, Availability
DAD: Disclosure, Alteration, Destruction (Denial)

Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system.

In most cases, you want to give the user the least amount of access he needs to do his job and nothing else. This concept is often referred to as the principle of least privilege. It gives you the power of combining authentication with access control.

The biggest problem with accountability is shared accounts.

Common access control techniques (types of access control)

  • Discretionary access control
  • Mandatory access control
  • Lattice-Based access control
  • Rule-Based access control
  • Role-Based access control
  • The use of access control lists

Discretionary access control
 Essentially based on human decisions.

Mandatory access control
 Based on using subject classification levels

Lattice-Based access control
 Based on graphs, partial order: reflexive, anti-symetric and transitive.

Rule-Based access control
 ACLs – a formalized rule-based control mechanism.

Role-Based access control
 Bell-LaPadula (BLP).
 .. confidentiality: is to prevent, detect, and deter unauthorized access to information..
 Simple security rule: Read Up No, Read Down Yes or RUN-RDY
 Star (or *) property: Write Up Yes, Write Down No or WUY-WDN
 Biba Model
 Deals with integrity ; opposite to BLP:
 Simple security: Read UP Yes, Read DOWN NO
 Star property: Write DOWN YES, Write UP Yes

The use of access control lists

Access Control Methodologies

 Centralized, Decentralized

Intrusion Detection (IDS)

 Methods and tools for monitoring networks and hosts and looking for attacks.

 IDS method types:

  • Host/Network
  • Passive/Active (listening, observing/collecting, scanning)
  • Known/Unknown (types of attacks)

Types of attacks

  • Monitoring
  • Spamming
  • Active
  • Passive

A key motto of security (again) is: “prevention is ideal, but detection is a must.”

IDS technique types

  • Signature matching
  • Anomaly Detection

Most systems are based on signature detection with some anomaly detection.

Common tools: Nessus and nmap.

CISSP Notes – Ch. 2 – Telecommunications and Network Security

Nov 25, 2008 in CISSP, Security

From: CISSP Training Guide by Roberta Bragg

CISSP Training Guide

Telecommunications and Network Security domain encompasses the structures, transmission methods, transport formats, and security measures used to provide integrity, availability, authentication, and confidentiality for transmissions over private and public communications networks and media.

OSI layers

Application layer (Layer 7) — Primarily responsible for interfacing with the user. This is the application interface that the user experiences.
 Email, chat, database apps, www apps.

Presentation layer (Layer 6) — Primarily responsible for translating the data from something the user expects to something the network expects.
 Encryption, data conversion: graphics, media, redirectors: SMB, NCP .

Session layer (Layer 5) — Primarily responsible for dialog control between systems and applications.

Transport layer (Layer 4) — Primarily responsible for handling end-to-end data transport services.
 End-to-end comm., segmentation, re-assembly, TCP & UDP .

Network layer (Layer 3) — Primarily responsible for logical addressing.
 Logical addressing of packets.

Data Link layer (Layer 2) — Primarily responsible for physical addressing.
 Physical addressing of frames and translation of packets to/from network layer into bits for the physical layer.
 Does error checking and correction.
 Switches and bridges are datalink-layer devices.
 Broadcast and unicast.
 Media Access Control (MAC)

Physical layer (Layer 1) — Primarily responsible for physical delivery and specifications.
 Send and receive data over electrical signals.
 DTE (Data Terminal Equipment) and the DCE (Data Circuit-Terminating Equipment)
 Hubs and repeaters are considered physical-layer devices.


Cabling/Transport Media

 Ethernet Local Area Networks (LANs) typically utilize three types of cabling—coax, unshielded twisted pair (UTP), and fiber optic as well as wireless transmissions.

Network topologies:

  • Linear bus – devices in a row on a segment ; 1 signal at a time-contention; coax ; termination.
  • Star – devices connected to a hub.
  • Ring – loop of cable to interconnect the devices.
  • Tree – is based in part on the bus and the star topology.
  • Mesh – that every node on a network is connected to every other node.

LANs Transmission Techniques

  • Unicast – The packet is addressed to a specific destination host, both physically and logically.
  • Broadcast – The packet is destined to all hosts on a subnet or network. .. ARP is sometimes referred to as a directed broadcast.
  • Multicast— The packet is addressed to multiple hosts via the use of group membership addresses. Multicasts play the middle ground between needing to repeatedly send unicasts to multiple destinations and broadcasting to all destinations.

Ethernet is the single most predominant technology in use today.

Ethernet is specified in the IEEE 802.3 specification as a Carrier Sense, Multiple Access/Collision Detection (CSMA/CD) methodology.

Today’s networks are primarily made up of five categories or types of devices:

Hubs and repeaters are physical-layer devices.
Switches and bridges are datalink-layer devices.
Routers are network-layer devices.


  • Packet filtering
  • – .. layer-3 or layer-4 information in a packet before making a filtering decision.
    – first-generation firewalls.

  • Application proxy
  • – Application-filtering firewalls function by reading the entire packet up to the Application layer before making a filtering decision.
    – sometimes referred to as an ALG (Application Level Gateway) and is considered a second-generation firewall.

  • Circuit proxy
  • – Circuit proxy firewalls are a bit of a hybrid between application proxies and packet-filtering firewalls.

  • Stateful inspection
  • – network connection state is tracked by the firewall and then used in determining what traffic should be allowed to pass back through the firewall.
    – “connectionless,” such as UDP or certain types of remote procedure call traffic.
    – third-generation firewalls.

  • Dynamic packet filtering
  • – limited support of connectionless protocols like UDP.

  • Kernel proxy
  • – .. are typically highly customized and specialized firewalls that are designed to function in kernel mode of the operating system.

  • Pf Ap Cp Si Dp Kp

VPN Protocols

Three primary technologies are used for providing remote access VPN capabilities:

PPTP (Point to Point Tunneling Protocol) – PPTP is a Microsoft-developed technology that provides remote access by encapsulating PPP inside a PPTP packet. PPTP uses the PPP authentication mechanisms of PAP, CHAP, or MS-CHAP for authentication and RSA RC4 and 40-bit or 128-bit session keys and encryption. PPTP supports multi-protocol tunneling.

L2TP (Layer 2 Tunneling Protocol) – L2TP is similar in function to PPTP, but it does not use any vendor-specific encryption technologies. In addition, L2TP supports the use of RADIUS and TACACS for authentication, and IPSec (Internet Protocol Security) and IKE (Internet Key Exchange) for encryption and key exchange respectively. L2TP supports multi-protocol tunneling.

IPSec – IPSec is a network-layer encryption and security mechanism that can be used as a standalone VPN solution, or as a component of an L2TP VPN solution. IPSec supports the use of DES (Data Encryption Standard) and 3DES (Triple DES), (DES scheme was hacked in 1999, use 3DES). Use 128-bit MD5-HMAC (Message Digest 5—Hash Message Authentication Code) or 160-bit SHA-HMAC (Secure Hash Algorithm—Hash Message Authentication Code). IPSec supports the use of AH (Authentication Header) security, in which the IP header is secured but the data is not, or ESP (Encapsulation Security Payload) in which the entire packet is encrypted and secured.

Remote Access Authentication

RADIUS (Remote Authentication Dial In User Service) is a UDP-based de facto industry standard for providing remote access authentication via a client/server model. .. uses a combined authentication and authorization profile, which means that RADIUS access is typically “all or none.” You are either allowed to connect, or you are not.

TACACS (Terminal Access Controller Access Control System) is an older authentication technology that has been largely marked “end-of-life,”.

TACACS+, which sounds similar, is actually an entirely new protocol. Similar in function to RADIUS, .. separating the authentication and authorization capabilities, as well as using TCP for connectivity. As a result, TACACS+ is generally regarded as being more reliable than RADIUS.

Networking Protocols

DOD protocol: Network, Internet, Transport (Host to Host), Application.

  • Application Layer Protocols
  • BootP, FTP, LPD, NFS, POP3, SMTP, SNMP, Telnet, TFTP, X-Windows

  • Transport Layer Protocols
  • TCP: Connection oriented, end-to-end. Reliable. SYNs and ACKs. Acknowledged transfer. Re-assembled packets.
    UDP: Connectionless, faster than TCP. Unreliable. Un-acknowledged transfer.

  • Internet Layer Protocols

Protecting CIA of Network Data

  • Confidentiality
  • – data transmitted is to be read only by the intended recipient. (security, encryption)

  • Integrity
  • – assurance that the data that was received is the data that was transmitted. (non-repudiation, firewalls, IDS)

  • Availability
  • – reliability and stability of network systems and applications. (DoS prevention measures, fault tolerance, usable performance)

Trusted Network Interpretation

DOD, The Rainbow books, the “Orange” book defines Trusted Computer Security Evaluation Criteria – TCSEC .

Criteria entries:

Division D – Specifies the minimal protection is available.

Division C – Specifies that, through the use of auditing, discretionary protection and accountability of subjects and the actions they initiate are covered.

Division B – Specifies that mandatory access control rules are required. Systems in this division are required to carry sensitivity labels with major data structures in the system.

Division A – These systems use formal security verification to assure that all of the security controls employed can effectively protect classified or other sensitive information via a stringent design verification.

Intrusion Detection Systems (IDSs)

IDS is detective (after the fact).

Network- vs host-based IDSs

Knowledge- vs Behavior-based IDSs.

Network-based IDSs are essentially raw packet–parsing engines, basically a network sniffer on steroids. They capture traffic in promiscuous mode, allowing it to capture all traffic on the segment, and will generally analyze the packets in what is considered real time.


Most Host-based IDS are designed to monitor logins and processes, typically through the use of auditing system logs.

Knowledge-based IDS

  • Can be network- or host-based.
  • .. maintains a database of known attacks and vulnerabilities (in other words, knowledge) and detects whether attempts to exploit these vulnerabilities are occurring.
  • .. sometimes referred to as signature based.
  • Benefits: Low degree of false positives ; Alarms are standard and easy to understand.
  • Drawbacks: Resource intensive.. IDS must be constantly updated ; New attacks can go unnoticed – if signatures not available or updated.

Behavior-based IDS

  • is more complex than knowledge-based IDS
  • functions by attempting to “learn” normal user behavior patterns and then alarm when activity occurs that is outside of the normal use.
  • Behavior-based IDS is sometimes referred to as anomaly-based IDS.
  • Benefits: Systems can dynamically respond to new, original, or unique exploits and attacks ; Not dependent on specific operating systems.
  • Drawbacks: High false alarm rates are very common.. too many false alarms mask real attacks. ; In environments with frequently changing patterns, the IDS has difficulty establishing a baseline.

Intrusion Response

Intrusion response is the principle of defining how to respond when an intrusion is detected.

Intrusion response is often defined as part of the responsibilities of a Computer Incident Response Team (CIRT).

The primary responsibility of the CIRT is to define and execute the company’s response to an incident via a process known as Incident

Response Management.

  • Coordinate how the notification and distribution of incidents should occur.
  • Mitigate the risk of an incident by minimizing disruptions and the costs involved in remediating the incident.
  • Assemble teams of people to investigate and resolve potential incidents.
  • Provide active input in the design and development of the company security policy.
  • Manage and monitor logs.
  • Manage the resolution of incidents, including post mortems of incidents.

Common Attacks and Countermeasures

Class A Unauthorized access Social engineering, Brute force
Class B Non-business use PBX fraud and abuse, Email and Internet abuse
Class C Eavesdropping Network sniffing, Dumpster diving, Keystroke recording
Class D Denial of service SYN flooding, Buffer overflows, Teardrop attacks, LAND attacks, SMURF attacks, Distributed denial-of-service (DDoS) attacks
Class E Network intrusion and prevention Spoof attacks, Trojans, Viruses and worms, Back doors, TCP hijacking, Piggy-backing
Class F Probing Port scans, Banner abuse, sniffing

CISSP TOC Part 1 ..

Aug 15, 2008 in CISSP, Security

Domain 1: Access Control Systems and Methodology 25
Domain 2: Network and Telecommunications 26
Domain 3: Security Management and Practices 28
Domain 4: Applications and Systems Development 28
Domain 5: Cryptography 29
Domain 6: Security and Architecture Models 29
Domain 7: Operations Security 29
Domain 8: Business Continuity and Disaster Recovery Planning 30
Domain 9: Law, Investigation, and Ethics 31
Domain 10: Physical Security 31

Chapter 1. Access Control Systems and Methodology 33
..Discretionary Access Control 40
..Mandatory Access Control 40
..Lattice-Based Access Control 41
..Rule-Based Access Control 44
..Role-Based Access Control 45

..Access Control Models 49
….Bell-LaPadula 49
….Simple Security 49
….Star Property 50
….Biba 50

..Identification and Authentication Techniques 53
….Passwords 53
….One-Time Passwords 54
….Challenge Response 54
….Biometrics 54
….Tickets 54
….Single Sign-On 55

..Access Control Methodologies 56
….Centralized/Remote Authentication Access Controls 56
….Decentralized Access Control 56
….Domains 57
….Trust 57

..Methods of Attacks 59
….Brute-Force 59
….Denial-of-Service 59
….Spoofing 60
….Sniffing 60
….Monitoring 61

..Intrusion Detection 61
….Types of Intrusions 61
……Host Versus Network 61
……Passive Versus Active 62

..How Intrusion Detection Works 63
….Signature Matching 63
….Anomaly Detection 63

..Penetration Testing 65
….Penetration Testing Versus Security Assessments 65
….Ethical Issues 66
….Performing a Penetration Test 66

..Common Tools 67

Chapter 2. Telecommunications and Network Security 87

..The Open Systems Interconnection Model 95
….The OSI Layers 96
….Figure 2.1. The OSI model. 97
….Application Layer 98
….Presentation Layer 98
….Session Layer 99
….Transport Layer 99
….Network Layer 99
….Data Link Layer 100
….Physical Layer 101

..Coax 104
..10BASE-2 Specifications 105
..Figure 2.3. 10BASE-2 connectors. 105
..10BASE-5 Specifications 105
..Unshielded Twisted Pair 106

..Network Topologies 112
….Linear Bus Topology 112
….Star Topology 114
….Ring Topology 115
….Tree Topology 116
….Mesh Topology 117

….LAN and WAN Technologies 117
….Ethernet 118
….Token-Ring and FDDI 120
….Attached Resource Computer Network 121

….LAN Devices 122
….Hubs and Repeaters 122
….Switches and Bridges 122
….VLANs 123
….Routers 125
….Firewalls 125
….Figure 2.13. Packet-filtering firewall. 128
….Figure 2.14. Screened-host firewall. 128
….Figure 2.15. Screened-subnet firewall (with DMZ). 129
….Figure 2.16. Dual homed host firewall. 129

..Gateways and Proxies 130
..WAN Technologies 131
..Dedicated Connections 131
..Circuit-Switched Connections 132
..Packet-Switched Connections 132
..Cell-Switched Connections 132
..WAN Services 133
..Point-to-Point Protocol and Serial Line Internet Protocol 133
..High-Level Data-Link Control 133
..X.25 134
..Link Access Procedure Balanced 134
..Frame Relay 134
..Synchronous Data-Link Control 134
..Integrated Services Data Network 134
..Digital Subscriber Line 135
..Switched Multimegabit Data Service 135
..High Speed Serial Interface 135
..WAN Devices 136

..Providing Remote Access Capabilities 137
..Client-Based Dial-in Remote Access 137
..Using Tunneling As a Security Method 138
..Virtual Private Networks 138
..Client-Based VPNs 138
..Site-to-Site VPNs 139
..VPN Protocols 140
..Remote Access Authentication 141
..Networking Protocols 142
..Transmission Control Protocol/Internet Protocol 142

..Figure 2.19. The DoD model versus the OSI model. 142
..Application Layer Protocols 143
..Transport Layer Protocols 143

..The CIA Triad 146
….Security Boundaries and Translating Security Policy to Controls 146
….Trusted Network Interpretation 147
….Network Layer Security Protocols 148
….Transport Layer Security Protocols 149
….Application Layer Security Protocols 149
….Network Monitoring and Packet Sniffers 150
….Intrusion Detection 151
….Intrusion Response 153
….Network Address Translation 153
….Transparency 155
….Hash Totals 155
….Email Security 155
….Facsimile and Printer Security 156
….Common Attacks and Countermeasures 156
….Class A Abuses 156
….Class B Abuses 157
….Class C Abuses 158
….Class D Abuses 158
….Class E Abuses 159
….Class F Abuses 161

..Fault Tolerance and Data Restoration 162
….Managing Network Single Points of Failure 163
….Cable Failures 163
….Topology Failures 164

Chapter 3. Security Management and Practices 191

..Defining Security Principles 197
….CIA: Information Security’s Fundamental Principles 197
….Confidentiality 197
….Integrity 198
….Availability 199

..Privacy 199
….Identification and Authentication 200
….Passwords 201
….Figure 3.2. Authentication using an asynchronous token device. 202
….Nonrepudiation 202
….Accountability and Auditing 203
….Keystroke Monitoring 203
….Protecting Audit Data 204
….Documentation 205
….Security Management Planning 206
….Risk Management and Analysis 207
….Risk Analysis 208
….Table 3.1. Basic Risk Analysis on a $10,000 Asset 208
….Identifying Threats and Vulnerabilities 209
….Asset Valuation 210
….Table 3.2. A Sample Calculation for ALE 214
….Qualitative Risk Analysis 215
….Countermeasure Selection and Evaluation 215

..Policies, Standards, Guidelines, and Procedures 218
….Information Security Policies 218
….How Policies Should Be Developed 219
….Define What Policies Need to Be Written 219
….Table 3.3. Sample List of Potential Policies 220
….Identify What Is to Be Protected 220
….Identify from Whom It Is Being Protected 221
….Setting Standards 221
….Creating Baselines 221
….Guidelines 222
….Setting and Implementing Procedures 222
….Examining Roles and Responsibility 224
….Management Responsibility 224
….User Information Security Responsibilities 224

..IT Roles and Responsibilities 225
….Other Roles and Responsibilities 225
….Understanding Protection Mechanisms 227
….Layering 227
….Figure 3.5. The layered zones of the Bell-LaPadula protection module. 227
….Abstraction 228
….Data Hiding 228
….Encryption 228

..Classifying Data 230
….Commercial Classification 230
….Table 3.4. Commercial Data Classifications from Highest to Lowest 230
….Government Classification 231
….Table 3.5. Government Data Classifications from Highest to Lowest 231
….Criteria 232
….Creating Procedures for Classifying Data 232

..Managing Change Control 233
….Hardware Change Control 233
….Software Change Control 234
….Security Awareness Training 235

Chapter 4. Applications and Systems Development Security 249

..Software Applications and Issues 254
….Challenges of Distributed and Nondistributed Environments 254
….Nondistributed Systems 254
….Distributed Systems 257
….Examples of Distributed Systems 257
….Massively Distributed Systems 257
….Malware for Distributed Systems 258
….Managing Malware 259

..Database and Data Warehousing Issues 260
….Data Models 262
….Database Issues 263
….Figure 4.3. Creating a view-access to information can be controlled. 265
….Special Considerations for Data Warehouses and Data Marts 265
….Storage and Storage Systems 266

..Storage Area Networks 269
….Figure 4.5. Creating SANs zones allows the maintenance of access rights when new SANS are added and therefore can assist in securing data. 270

..Knowledge-Based Systems 270
….Developing Expert Systems 271
….Techniques for Determining Answers in Rule-Based Expert Systems 271

..Web Services and Other Examples of Edge Computing 272
….Grid Computing 272
….Web Services 273
….Attacking Software 276
….Attacks Against Password Databases 276
….Denial-of-Service and Distributed Denial-of-Service Attacks 277
….Figure 4.6. The classic smurf attack. 278
….Figure 4.7. Distributed denial-of-service attack. In the diagram, the attacker is controlling multiple PCs or zombies to attack another PC, the victim. 279
….Spoofing 280

..Miscellaneous Attacks 280
….Illegitimate Use of Legitimate Software 281
….Network Software 282
….Understanding Malicious Code 284
….So, Who’s a Hacker? What’s Malicious Code? 284
….Hackers, Crackers, and Phreakers 284
….Real Problems and Pseudo Attacks 285
….What Protection Does Antivirus Software Provide? 285
….Implementing System Development Controls 287
….System Development Lifecycle 287
….Waterfall 287

Figure 4.9. Pseudocode. 289
Spiral Lifecycle Model 290
Figure 4.10. The spiral lifecycle model. 290
Rapid Application Development 291
Security Control Architecture 292
Best Practices 293
Using Coding Practices That Reduce System Vulnerability 294
Software Development Methodologies 294
Structured Programming 294

Computer-Aided Software Engineering 300
Impacting Security Through Good Software Design and Coding Practices 300

Case Study: Trustworthy Computing 304

CISSP TOC – Part 2..

Jul 23, 2008 in CISSP, Security

Chapter 5. Cryptography 6

Confidentiality 9
Integrity 9
Authentication 9
Nonrepudiation 10

Cryptographic Concepts, Methodologies, and Practices 11
Symmetric Algorithms 11
Asymmetric Algorithms 12
Message Authentication 13
Hash Functions 13
Digital Signatures 13
Key Length 14
One-Time Ciphers 14
PKI and Key Management 15

Methods of Attack 15
General Attacks 16
Ciphertext-Only Attack 16
Known-Plaintext Attacks 17
Chosen-Plaintext Attacks 17
Chosen-Ciphertext Attacks 17

Specific Attacks 17
Brute-Force 17
Replay Attacks 18
Man-in-the-Middle Attacks 18
Meet-in-the-Middle Attacks 19
Birthday 19

Chapter 6. Security Architecture and Models 33

Security Models 40
Bell-LaPadula 40
Biba 42
Clark-Wilson Model 42
Access Control Lists 43

Security System Architecture 45
Reference Monitor 45
Open Versus Closed Systems 46
Security Principles 47
Security Modes 48
Labels Versus Access Control Lists 48
Covert Channel 49

Information System Security Standards 50
TCSEC-The Orange Book and the Rainbow Series 51
Orange Book Classifications 51
Criticisms of Orange Book 53
Rainbow Series 54
Information Technology Security Evaluation Criteria 55
Differences Between the Orange Book and ITSEC 55
The United Kingdom Information Technology Security Evaluation and Certification Scheme 56
Table 6.5. ITSEC Levels 56
Common Criteria 58
What Is Common Criteria? 58
Part 1: Introduction and General Model 59
Part 2: Security Functional Requirements 60
Part 3: Security Assurance Requirements 61
Evaluation Assurance Packages or Levels 62
Areas Not Addressed by the Common Criteria 62

Table 6.6. Standards Comparison 63
IPSec 64
Uses for IPSec 64
Architectural Components of IPSec 65
Case Study: C2 and Windows NT 66

Chapter 7. Operations Security 81

Examining the Key Roles of Operations Security 86
Identify Resources to Be Protected 86
Identifying Privileges to Be Restricted 86
Identifying Available Controls and Their Types 87
Table 7.1. Control Types 89
Describing the OPSEC Process 89

The Roles of Auditing and Monitoring 93
Using Logs to Audit Activity and Detect Intrusion 93
Table 7.2. Windows 2000 Logs 94
Detecting Intrusions 95

Penetration Testing Techniques 100
Figure 7.4. Using Whois to find the IP address of the Web server. 101
Figure 7.5. Using ARIN Whois to enumerate the network. 103
Developing Countermeasures to Threats 105
Risk Analysis 105
Threats 105
Table 7.4. Employee Job Duties, Access Level, and Risk 107
Countermeasures 108
Establishing Countermeasures for Employee-Related Threats 109
Including Countermeasures in Hiring and Firing/Exit Practices 110
Gruntling Program 112
Countermeasures for Common Internet-Based Threats 113
Countermeasures to Physical Threats 113
The Role of Administrative Management 114
Table 7.5. Certifications for Security Managers 115
Concepts and Best Practices 116
Privileged Operation Functions 116

Understanding Antiviral Controls 118
Protecting Sensitive Information and Media 119
Change Management Control 120
Case Study: The Russian Hack Attack 123

7.1. Best Practices for Fax Services 127

Chapter 8. Business Continuity Planning and Disaster Recovery Planning 140

What Are the Disasters That Interrupt Business Operation? 146
Quantifying the Difference Between DRP and BCP 148
Examining the Business Continuity Planning Process 150
Determining the Plan’s Scope 151
Business Impact Assessment 151
Gathering and Charting Information 152
Validating the Process 154
Reporting 155

Reviewing Insurance 157
Planning for Insurance Claim Processing 158
Providing Item Recovery Details 159
Implementing the Plan 160
Testing the Plan 160
Maintaining the Plan 161
Defining Disaster Recovery Planning 162
Recovering Data Processing 162
Determining Recovery Plan Scope 162
Creating Antidisaster Procedures 163
Listing Necessary Resources: Process and Site Selection Criteria 164
Emergency Response Procedures 164
Creating Step-by-Step Instructions 165
Recording Important Contact Numbers 166
Restoring Data Processing 166
Developing a Backup Strategy 167
Backup Procedures and Policy 168
Figure 8.1. Full weekly backup with daily differential. 169
Figure 8.2. Full weekly backup with daily incremental. 170
Vital Records Program 171
Hardware Backups 171
Alternative Sites 172
Case Study: Does Business Continuity Work? 175

CISSP TOC – Part 3 ..

Jun 19, 2008 in CISSP, Security

Chapter 9. Law, Investigation, and Ethics 4

Intellectual Property Law 8
Patents 8
Copyrights 9
Trade Secrets 9
Sale and Licensing 9
Privacy Law 10
Government Regulations 11

Criminal Law and Computer Crime 12
Computer Security Incidents 15
Advance Planning 15
Computer Crime Investigation 16

Legal Evidence 19
Credibility or Weight of Evidence 19
Proof of Authenticity 20
Hearsay 20
Best Evidence Rule 20
Chain of Evidence 21
The Fourth Amendment 22
Computer Forensics 22

Computer Ethics 28
Case Study: Cross-Examining the Forensics Expert 30
Case Study: Proving Copyright Infringement 31

Chapter 10. Physical Security 45

Classifying Assets to Simplify Physical Security Discussions 49

Vulnerabilities 51
Selecting, Designing, Constructing, and Maintaining a Secure Site 53
Site Location and Construction 53
Physical Access Controls 54
Active Physical Access Controls 55
Passive Controls 55
Power 57
Power Issues: Spikes, Surges, and Brownouts 57
Minimizing Power Problems 58
Environmental Controls: Air Conditioning, Humidity, and Temperature 59
Water Exposure Problems 60
Fire Prevention and Protection 60
Tape and Media Library Retention Policies 63
Document (Hard-Copy) Libraries 64
Waste Disposal 66
Physical Intrusion Detection 69
Table 10.2. Sensors and Other Detection Mechanisms 69

10.1. The Airports Council International Exercise 75

CISSP Resources ..

Jun 17, 2008 in CISSP, Security

Ch. 1 – Access Control
Ch. 2 – Telecommunications and Network Security
Ch. 3 – Security Management and Practices
Ch. 4 – Applications and Systems Development Security
Ch. 5 – Cryptography
Ch. 6 – Security Architecture and Models
Ch. 7 – Operations Security
Ch. 8 – Bus Cont Planning (BCP) and Disaster Recovery
Ch. 9 – Law, Investigation, and Ethics
Ch. 10 – Physical Security



* tcpdump, a tool for capturing and dumping packets for further analysis, and WinDump, the Windows port of tcpdump.
* Wireshark (formerly Ethereal), a graphical packet-capture and protocol-analysis tool.
* Snort, a network-intrusion-detection system.
* ssldump, an SSLv3/TLS analyzer. It decodes SSL records and displays them to stdout.
* Nmap, a port-scanning and fingerprinting network utility
* the Bro IDS and network-monitoring platform.
* justniffer, a tcp/http packet sniffer. It can log network traffic in a ‘standard’ (web server like) or in a customized way.
* URL Snooper, locate the URLs of audio and video files so that they can be recorded.
* Kismet, for 802.11 wireless LANs
* L0phtCrack, a password auditing and recovery application.
* NetworkMiner, a network forensic tool that extracts transferred files and identifies operating systems.
* Xplico, open source Network Forensic Analysis Tool (NFAT).
* iftop, a tool for displaying bandwidth usage (like top for network traffic)
* EtherApe, a graphical tool for monitoring network traffic and bandwidth usage in real time.
* Bit-Twist, a libpcap-based Ethernet packet generator and editor for BSD, Linux, and Windows.


* Tripwire
* Backtrack