1. Information Security Fundamentals
    1. Principles
      1. History
        1. Caesar cipher, c. 50 B.C.
        2. Enigma
      2. Key concepts
        1. CIA triad
          1. Confidentiality
          2. Integrity
          3. Availability
        2. Parkerian hexad
          1. Confidentiality
          2. Possession or Control
          3. Integrity
          4. Authenticity
          5. Availability
          6. Utility
    2. Risk management must strike a balance between productivity, cost, effectiveness of the countermeasure, and the value of the informational asset being protected.
      1. Threats
        1. Type of Attacks
          1. Access Attacks
          2. Examples
          3. Network Packet Capture
          4. File Snoop
          5. Interception+Packet Replay
          6. Password Attack
          7. 1. Exploit > Buffer Overflow
          8. 2. local Password Attack 8,xxx,xxx Pass/Sec
          9. 3. Remote Credential Capture > local Password Attack 1,5xx,xxx Pass/sec
          10. 4. Remote Password Attack (Bad Quality) 120 Pass/Minute = 2 Pass/Sec
          11. Modification Attacks
          12. Denial of Service Attacks
          13. Examples
          14. Smurf
          15. Tear-Drop Attack
          16. Repudiation Attack
          17. Examples
          18. Identity Theft
          19. Spoofing
        2. Agents
          1. Hackers
          2. Crackers
          3. Script Kiddies
          4. Malicious Insiders
          5. Industrial Espionage
      2. Vulnerability
        1. CVE
        2. Sites
          1. VulnWatch
          2. Bugtraq
          3. Full-Disclosure
        3. Vulnerability Assessment
          1. Tools
      3. Countermeasures (Controls)
        1. Types of controls
          1. Administrative (also called procedural controls)
          2. Laws and regulations
          3. The Family Educational Rights and Privacy Act 1974
          4. The Computer Misuse Act 1990
          5. Health Insurance Portability and Accountability Act 1996 (HIPAA)
          6. UK Data Protection Act 1998
          7. Gramm-Leach-Bliley Act 1999 (GLBA)
          8. Sarbanes-Oxley Act 2002
          9. Payment Card Industry Data Security Standard (PCI DSS)
          10. Personal Information Protection and Electronics Document Act (PIPEDA)
          11. EU Data Retention laws require Internet service providers and phone companies to keep data on every electronic message sent and phone call made for between six months and two years
          12. Policies
          13. Examples
          14. Information Policy
          15. Identification of Sensitive Information
          16. Classifications
          17. Business sector Public, Sensitive, Private, Confidential
          18. Government Unclassified, Sensitive But Unclassified, Restricted, Confidential, Secret, Top Secret
          19. Marking of Sensitive Information
          20. Storage of Sensitive Information
          21. Transmission of Sensitive Information
          22. Destruction of Sensitive Information
          23. Security Policy
          24. Identification and Authentication
          25. Access Control
          26. Mechanisms
          27. Mandatory Access Control (MAC)
          28. Discretionary access control (DAC)
          29. Role-Based Access Control (RBAC)
          30. Something you know
          31. Something you have
          32. Token
          33. Something you are
          34. Fingerprints
          35. Voices
          36. Eyes
          37. Faces
          38. Keystrokes
          39. Somewhere you are (location)
          40. Audit
          41. Network Connectivity
          42. Malicious Code
          43. Encryption
          44. Waivers
          45. Appendices
          46. Computer Use Policy
          47. Ownership of Computers
          48. Ownership of Information
          49. Acceptable Use of Computers
          50. No Expectation of Privacy
          51. Internet Use Policy
          52. E-Mail Policy
          53. Internal Mail Issues
          54. External Mail Issues
          55. Deploying Policy
          56. Gaining Buy-In
          57. Education
          58. Implementation
          59. Standards
          60. International Organization for Standardization (ISO)
          61. The USA National Institute of Standards and Technology (NIST)
          62. The Internet Society
          63. IETF
          64. IAB
          65. ISOC
          66. The Information Security Forum
          67. The IT Baseline Protection Catalogs
          68. Guidelines
          69. Procedures
          70. Examples
          71. User Management Procedures
          72. New Employee Procedure
          73. Transferred Employee Procedure
          74. Employee Termination Procedure
          75. System Administration Procedure
          76. Software Upgrades
          77. Vulnerability Scans
          78. Policy Reviews
          79. Log Reviews
          80. Regular Monitoring
          81. Logical (also called technical controls)
          82. Passwords
          83. Network and host-based firewalls
          84. Packet Filtering Firewalls
          85. Stateful Firewalls
          86. Application Proxy Firewalls
          87. Intrusion detection systems
          88. Goals of the IDS
          89. Detection of the attacks
          90. Prevention of attacks
          91. Detection of policy violations
          92. Enforcement of use policies
          93. Enforcement of connection policies
          94. Collection of evidence
          95. Network-Based IDS
          96. Advantages
          97. The N-IDS can be completely hidden on the network.
          98. A single N-IDS can be used to monitor traffic to a large number of potential target systems.
          99. The N-IDS can capture the content of all packets traveling to a target system.
          100. Disadvantages
          101. The N-IDS system can only alarm if the traffic matches pre-configured rules or signatures.
          102. The N-IDS can miss traffic of interest due to high bandwidth utilization or alternate routes.
          103. The N-IDS cannot determine if the attack was successful.
          104. The N-IDS cannot examine traffic that is encrypted.
          105. Switched networks require special configurations.
          106. Host-Based IDS
          107. Advantages
          108. The H-IDS will not miss attack traffic that is directed at a system as long as the attack generates a log message.
          109. The H-IDS can determine if an attack was successful by examining log messages or other indications on the system.
          110. The H-IDS can be used to identify unauthorized access attempts by legitimate system users.
          111. Disadvantages
          112. The H-IDS process may be identified and disabled by an attacker.
          113. The H-IDS system can only alarm if the log entries or system calls match pre-configured rules or signatures.
          114. Certain H-IDS systems may impact support and maintenance agreements on operating system software.
          115. Access control lists
          116. Cryptography
          117. Cryptosystems
          118. Symmetric cryptosystems
          119. RC2
          120. RC4
          121. RC5
          122. IDEA
          123. DES
          124. 3DES
          125. AES
          126. Blowfish
          127. Asymmetric cryptosystems
          128. RSA
          129. Diffie-Hellman
          130. Cryptographic Checksums: a mathematical function, called a checksum function, generates a smaller set of k bits from the original n bits. This smaller set is called the checksum or message digest.
          131. Keyless hash functions
          132. MD2
          133. MD4
          134. MD5
          135. The Secure Hash Algorithm (SHA)
          136. Snefru
          137. HAVAL
          138. HMAC
          139. Key Management
          140. Certificate Signature Chains
          141. X.509
          142. PGP Certificate Signature Chains
          143. Key Exchange
          144. Kerberos
          145. Digital Signature
          146. Cryptanalysis
          147. Rainbow Table Attack
          148. Physical
          149. Doors
          150. Locks
          151. Heating and air conditioning
          152. Smoke and fire alarms
          153. Fire suppression systems
          154. CCTV
          155. Barricades
          156. Fencing
          157. Security guards
          158. Cable locks
      4. Risk Assessment
        1. Qualitative
          1. Descriptive versus measurable
          2. Risk Ratings
          3. High
          4. Medium
          5. Low
        2. Quantitative
          1. Annualized Loss Expectancy (ALE)
          2. ALE = SLE × ARO
          3. Single Loss Exposure (SLE)
          4. SLE=AV × EF
          5. Return On Investment (ROI)
          6. ROI = ((ALE × RM) - CSI)/CSI
          7. Glossary
          8. AV = Asset Value
          9. EF = Exposure Factor
          10. SLE = Single Loss Exposure
          11. ALE = Annualized Loss Expectancy
          12. ARO = Annualized Rate of Occurrence
          13. ROI = Return On Investment
          14. RM = Risk Mitigated
          15. CSI = Cost of Security Investment
        3. Measurable Tools
          1. Enumerations
          2. Common Vulnerabilities and Exposures (CVE®)
          3. Common Configuration Enumeration (CCE™)
          4. Common Platform Enumeration (CPE™)
          5. Common Weakness Enumeration (CWE™)
          6. Common Attack Pattern Enumeration and Classification (CAPEC™)
          7. CWE/SANS Top 25 Most Dangerous Programming Errors
          8. Center for Internet Security (CIS) Consensus Security Metric Definitions
          9. Default Password Enumeration (DPE)
          10. OWASP Top ten
          11. SANS Top 20
          12. The Twenty Most Important Controls and Metrics for Effective Cyber Defense and Continuous FISMA Compliance
          13. WASC Web Security Threat Classification
      5. Choose
        1. Accept the risk
        2. Mitigate the risk
        3. Transfer the risk
        4. Deny the risk
    3. System and Network Security
      1. TCP/IP Threats
        1. Application Layer
        2. Host-to-Host (OSI Transport Layer)
          1. Syn Flooding
          2. Stealth Scanning
          3. OS/Service Fingerprint
        3. Internet Protocol (OSI Network Layer)
          1. IP
          2. IP-Spoof
          3. Source Routing
          4. Fragmentation
          5. Evasion Techniques
          6. Denial-of-Service
          7. Tear-Drop Attack
          8. ARP
          9. ARP Spoof
          10. Poisoning
          11. Port Stealing
          12. ICMP
          13. TTL Exceeded for Port Scanning (Firewalk)
          14. Denial-of-Service
          15. Data Hiding (Covert Channels)
        4. Physical (OSI Datalink Layer + OSI Physical)
          1. MAC
          2. MAC Flooding (Wired, wireless)
          3. MAC-Spoof
          4. 802.11
          5. Wireless (SSID, MAC) Capture
          6. Wireless static shared-key Attack (WEP)
          7. Wireless dynamic shared-key (WPA, WPA2)
      2. OS Hardening
      3. Perimeter Network
        1. Firewall
        2. NAT
        3. VPN
          1. IPSec
          2. Mode
          3. Transport
          4. Tunnel
          5. Key Management
          6. Internet Security Association and Key Management Protocol (ISAKMP) (link) <http://en.wikipedia.org/wiki/ISAKMP>
          7. Diffie-Hellman (link) <http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange>
          8. Packet Type
          9. Authentication Header (AH)
          10. Encapsulating Security Payload (ESP)
        4. IDS
        5. IPS
  2. Information Security Management
    1. Information Security Framework
      1. xxxx
        1. Assessment
        2. Policy
        3. Implement
        4. Security Education Training Awareness
        5. Audit Monitor
      2. ISO
        1. Plan
        2. Do
        3. Check
        4. Act
      3. COBIT
        1. P, O
        2. A, I
        3. D, S
        4. M
    2. Security Policy
      1. Implementation
        1. Gaining-buy-in
        2. Education
      2. Contingency Plan
        1. IRP
        2. DRP
          1. Alternate Sites
          2. Mirror Site
          3. Hot Site
          4. Warm Site
          5. Cold Site
        3. BCP
    3. Professionalism
      1. Certified Information Systems Security Professional (CISSP)
      2. The Information Systems Security Architecture Professional (ISSAP)
      3. Information Systems Security Engineering Professional (ISSEP)
      4. Information Systems Security Management Professional (ISSMP)
      5. Certified Information Security Manager (CISM)
      6. GIAC
    4. Forensic
      1. Acquisition
        1. Volatile
          1. Disk
          2. Thumb Drive
          3. CD/DVD
          4. etc.
      2. Non-Volatile
        1. RAM
        2. Buffer
        3. Network Status
        4. Hint
          1. Opened Machine, Don't Close
          2. Closed Machine, Don't Open
          3. Don't Save on Evidence
      3. Evidence Collection and Protection
        1. HASH
        2. Chain-of-Custody
        3. Static-Bag
        4. Duplicate
          1. Bit-by-Bit
      4. Analysis
        1. Index, Hash Collection
        2. Keyword
        3. Timeline
        4. Hint
          1. USE Write-Blocker with ALL Evidence
  3. Security Program