Author: techfox9

CISSP TOC – Part 2

Wednesday, July 23rd, 2008 @ 1:54 am

Chapter 5. Cryptography 6

Confidentiality 9
Integrity 9
Authentication 9
Nonrepudiation 10

Cryptographic Concepts, Methodologies, and Practices 11
Symmetric Algorithms 11
Asymmetric Algorithms 12
Message Authentication 13
Hash Functions 13
Digital Signatures 13
Key Length 14
One-Time Ciphers 14
PKI and Key Management 15

Methods of Attack 15
General Attacks 16
Ciphertext-Only Attack 16
Known-Plaintext Attacks 17
Chosen-Plaintext Attacks 17
Chosen-Ciphertext Attacks 17

Specific Attacks 17
Brute-Force 17
Replay Attacks 18
Man-in-the-Middle Attacks 18
Meet-in-the-Middle Attacks 19
Birthday 19

Chapter 6. Security Architecture and Models 33

Security Models 40
Bell-LaPadula 40
Biba 42
Clark-Wilson Model 42
Access Control Lists 43

Security System Architecture 45
Reference Monitor 45
Open Versus Closed Systems 46
Security Principles 47
Security Modes 48
Labels Versus Access Control Lists 48
Covert Channel 49

Information System Security Standards 50
TCSEC-The Orange Book and the Rainbow Series 51
Orange Book Classifications 51
Criticisms of Orange Book 53
Rainbow Series 54
Information Technology Security Evaluation Criteria 55
Differences Between the Orange Book and ITSEC 55
The United Kingdom Information Technology Security Evaluation and Certification Scheme 56
Table 6.5. ITSEC Levels 56
Common Criteria 58
What Is Common Criteria? 58
Part 1: Introduction and General Model 59
Part 2: Security Functional Requirements 60
Part 3: Security Assurance Requirements 61
Evaluation Assurance Packages or Levels 62
Areas Not Addressed by the Common Criteria 62

Table 6.6. Standards Comparison 63
IPSec 64
Uses for IPSec 64
Architectural Components of IPSec 65
Case Study: C2 and Windows NT 66

Chapter 7. Operations Security 81

Examining the Key Roles of Operations Security 86
Identify Resources to Be Protected 86
Identifying Privileges to Be Restricted 86
Identifying Available Controls and Their Types 87
Table 7.1. Control Types 89
Describing the OPSEC Process 89

The Roles of Auditing and Monitoring 93
Using Logs to Audit Activity and Detect Intrusion 93
Table 7.2. Windows 2000 Logs 94
Detecting Intrusions 95

Penetration Testing Techniques 100
Figure 7.4. Using Whois to find the IP address of the Web server. 101
Figure 7.5. Using ARIN Whois to enumerate the network. 103
Developing Countermeasures to Threats 105
Risk Analysis 105
Threats 105
Table 7.4. Employee Job Duties, Access Level, and Risk 107
Countermeasures 108
Establishing Countermeasures for Employee-Related Threats 109
Including Countermeasures in Hiring and Firing/Exit Practices 110
Gruntling Program 112
Countermeasures for Common Internet-Based Threats 113
Countermeasures to Physical Threats 113
The Role of Administrative Management 114
Table 7.5. Certifications for Security Managers 115
Concepts and Best Practices 116
Privileged Operation Functions 116

Understanding Antiviral Controls 118
Protecting Sensitive Information and Media 119
Change Management Control 120
Case Study: The Russian Hack Attack 123

7.1. Best Practices for Fax Services 127

Chapter 8. Business Continuity Planning and Disaster Recovery Planning 140

What Are the Disasters That Interrupt Business Operation? 146
Quantifying the Difference Between DRP and BCP 148
Examining the Business Continuity Planning Process 150
Determining the Plan’s Scope 151
Business Impact Assessment 151
Gathering and Charting Information 152
Validating the Process 154
Reporting 155

Reviewing Insurance 157
Planning for Insurance Claim Processing 158
Providing Item Recovery Details 159
Implementing the Plan 160
Testing the Plan 160
Maintaining the Plan 161
Defining Disaster Recovery Planning 162
Recovering Data Processing 162
Determining Recovery Plan Scope 162
Creating Antidisaster Procedures 163
Listing Necessary Resources: Process and Site Selection Criteria 164
Emergency Response Procedures 164
Creating Step-by-Step Instructions 165
Recording Important Contact Numbers 166
Restoring Data Processing 166
Developing a Backup Strategy 167
Backup Procedures and Policy 168
Figure 8.1. Full weekly backup with daily differential. 169
Figure 8.2. Full weekly backup with daily incremental. 170
Vital Records Program 171
Hardware Backups 171
Alternative Sites 172
Case Study: Does Business Continuity Work? 175
