Comptia CASP Notes – Modules 1 – 3

December 14, 2016 | Views: 3986

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Module 1

Business Influences

ISA – interconnection security agreement

Top-Level Management must be involved in new security policies

Cryptographic Concepts & Techniques

Cryptographic Techniques

  • Key Stretching – original key fed into an algorithm to produce an enhanced key

  • Hashing – data ran through crypto function to produce a 1-way message digest; provides integrity

Hashing Algorithms – MD

  • MD2 – 28 bit, 18 rounds of computations; slow

  • MD4 – 128 bit 3 rounds, faster than MD2 but has been broken

  • MD5 – 128 bit hash, 4 rounds; collision attacks possible should not be used for digital signatures or SSL

  • MD6 – Variable hash value, variable rounds; had early issues with differential attacks

Hashing Algorithms – SHA

  • SHA0 – 160bit, 80 rounds on blocks

  • SHA1- 160 bit, 80 rounds 512 blocks corrects SHA0 weakness

  • SHA2 family

    • SHA-224, SHA-256, SHA-384, SHA-512

Haval – one-way function with variable length hash values; suffers from collision issues

RIPEMD – 160bit hash, with 160 rounds of computations on 512 bit blocks

MAC (Message Authentication Code – provides message integrity and authenticity

  • HMAC – keyed hash MAC uses sym key. Provides integrity and authentication

  • CBC-MAC (Cipher block chaining MAC) – block cipher MAC uses CBC mode for extra integrity & auth

  • CMAC (Cipher-based MAC) – updated CBC-MAC that works with AES & 3DES

Additional Concepts

  • Pseudo-Random Number Generation – not truly random but good enough

  • PFS (perfect forward secrecy) – ensures that a session key derived from long-term keys cannot be compromised if the long-term key is compromised. No reuse of keys or derived from previous keys

  • Transport Encryption – ensures data is protected over the network

  • Entropy – source of randomness collected from an application

  • Diffusion – changing the location of the plaintext within ciphertext, often uses transposition

  • Confusion – Changing a key value during each round of encryption, often uses substitution

  • Non-repudiation – provides proof of data origin, prevents sender from denying; supports integrity

  • Confidentiality – ensuring that data cannot be read except by valid recipient

  • Integrity – verifying that data has not been altered

Transport Encryption Protocols

  • SSL – provides encryption, authentication, and integrity with 40 bit (SSL 2.0) or 128 bit (SSL 3.0) encryption

  • TLS (Transport layer security) – open community standard that provides many of the services of SSL

  • TLS 1.0 based on SSL 3.0 but more extensible

  • SET – secures credit card transaction, never fully implemented

  • 3-D Secure – XML based protocol designed to provide an additional layer of security for credit transactions

  • IPSEC (Internet Protocol Security) – suite of protocols that establishes a secure channel between 2 devices includes:

    • AH (Authentication Header)

    • ESP (Encapsulating Security Payload)

Data @ Rest / Symmetric Algorithms

  • DES – 64-bit, w 8 for parity & 56 effective key length using 16 round or transposition and substitution

  • 3DES – 56-bit, 3x slower than DES

  • AES (Advanced Encryption Standard) – uses Rijndael algorithm with 128, 192 and 256-bit block sizes

  • RC4 – most popular ‘stream cipher’ used in SSL & WEP using variable key of 40-2048 bits

Data @ Rest / Asymmetric Algorithms

  • Diffie-Hellman – provides secure key distribution but not confidentiality, authentication or non-repudiation. Does provide secure key distribution

  • RSA – provides key exchange, encryption & digital signatures. Uses prime factors of very large prime numbers for key strength with 1024-4096 bit key with one round of transformation

  • El Gamal – based on Diffie-Hellman. Uses discrete logarithms can provide key exchange, encryption & digital sig

  • ECC (Elliptic Curve Cryptosystem) – provides key distribution, encryption, and digital signatures used in mobile devices

Hybrid Ciphers

  • Uses symmetric for encryption and asymmetric for key exchange

Digital Signatures

  • Hash value encrypted with the sender’s private key. Provides authentication, nonrepudiation & integrity

PKI (Public Key Infrastructure)

  • Uses X.509 framework – standard that describes what digital signatures should look like

  • Hierarchical chain-of-trust-model

    • Root CA

    • Subordinate CA

    • Issuing CA

Advanced PKI Concepts

  • OCSP (Online Certificate Status Protocol) – Internet protocol that obtains the revocation status of an x.509 digital certificate using the serial number – newer way of doing CRL

Digital Certificate Classes

  • Class 1: intended for email

  • Class 2: identity

  • Class 3: servers & software signing

  • Class 4: online business transactions

  • Class 5: government security & private organizations

Cipher Types

  • Stream-based – performs bit-by-by basis using keystream generators creating a bit stream that is XORed with plaintext

  • Block Ciphers – perform encryption by breaking a message into fixed-length blocks

DES Modes

  • ECB (Electronic Code Book) – 64-bit blocks of data

  • CBC (Cipher block chaining) – uses IV then chains blocks together

  • CFB (Cipher feedback) –  8-bit blocks using stream & block ciphering.

  • OFB (Output feedback) –  uses previous keystreams to create next keystream

  • CTR (Counter mode) – keystream has to be the same size as plaintext block, uses incrementing IV counter


Module 2

Risk Mitigation Planning & Controls

CIA: Confidentiality, Integrity, Availability

Business Classifications

  1. Confidential

  2. Private

  3. Sensitive

  4. Public

Military Classifications

  1. Top Secret

  2. Secret

  3. Confidential

  4. Sensitive but unclassified

  5. Unclassified

Business classifications are discretionary, Military  classifications are mandatory access control (MAC) access is determined by classification.

Information Life Cycle

Classified on value, segmentation based on protection, data retention time determined, data destruction.

Stakeholders input should be put into CIA decisions (department heads should have the biggest influence).

Technical Controls Categories

  • Compensative – mitigates risk

  • Corrective – reduce the effect of an event

  • Detective – used to alert

  • Deterrent – used to deter

  • Directive – specify acceptable practices in an organization

  • Preventive – prevent event from occurring

  • Recovery – recover from an event

Access Controls

  • Administrative – rules/ policies

  • Logical (technical) – i.e firewalls, IDS

  • Physical – mantraps, door locks

SRTM – security requirements traceability matrix – a grid that displays what is required for an asset’s security

Determine Aggregate CIA Score

FIPS 199 the security category (SC) of an entity uses 3 tenets with values

CIA = low, moderate, high

Conduct System-Specific RA

  • Identify assets

  • Identify vulnerabilities and threats

  • Calculate threat probability and impact

  • Balance threat impact with countermeasure cost

Risk Determinations

  • Qualitative

  • Quantitative

  • Magnitude of Impact – estimate how much damage

Tools

SLE -single loss expectancy = monetary impact of each threat occurrence

AV asset value x Exposure factor (percent of value that will be lost)

5000×25% = SLE 1500

ALE – annual loss expectancy = SLE x ALE

ROI – return on investment = measures the expected improvement against the cost of the action required to achieve the improvement.

NPV – net present value

TCO – total cost of ownership – measures the overall costs associated with RM process

Basic Risk Strategies

  • Avoid – terminate activity

  • Transfer – pass risk on

  • Mitigate – define acceptable risk level, reduce risk level

  • Accept

Risk Management Process

  1. Identify the assets and their value

  2. Identify threats

  3. Identify vulnerabilities

  4. Determine likelihood

  5. Identify impact

  6. Determine risk as combination of likelihood and impact

Vulnerabilities and Threats Identification

Human:

Natural

Technical

Physical

Environmental

Operational

Other risk forms

Inherent Risk – no mitigation factors

Residual Risk – risk that remains after safeguards are in place

SABSA Sherwood Applied Business Security Architecture: six questions that intersect six layers asking What, Why, How, Who, Where, When

  1. Contextual Architecture

2. Conceptual Architecture

3. Logical Architecture

4. Physical  Architecture

5. Component Architecture

6. Service Management Architecture

CobiT – Control Objectives for Information & Related Technology: uses a process model to subdivide IT into 4 domains. Circular design

  • Plan & Organize

  • Acquire and Implement

  • Deliver and Support

  • Monitor and Evaluate

  • Look at resources, applications, people and start over

NIST SP 800-53 – framework developed by NIST

Business Continuity Planning – Identifies the impact of any disaster and ensures a viable recovery plan (7 Steps)

  1. Develop contingency planning policy

  2. Conduct BIA

  3. Identify preventive controls

  4. Create recovery strategies

  5. Develop BCP

  6. Test, train, exercise

  7. Maintain the plan

IT Governance

  • Define scope

  • Identify all assets

  • Determine level of protection

  • Determine personnel responsibilities

  • Develop consequences for noncompliance

Policies

  • Organizational Security Policy – Highest-level security policy, steered by business goals.

Incident Response & Recovery Procedures

  • E-discovery – term used when evidence is recovered from an electronic device

  • Uses strict control on use and remote wipe features

  • Follow data retention policies i.e local, state, & gov regs and laws.

  • Data must be categorized properly

Data Recovery & Storage

  • BCP – Business Continuity Plan

  • DRP – Data Recovery Plan

Data Backup Schemes

  • Full – slowest backup, fastest restore, includes all data, high space requirements

  • Incremental – Fast, only backs up changes since last full or incremental backup, moderate restore time, low space; risk multiple restore points that have to be done in order.

  • Differential – Moderate, backup changes since last full backup, fast restore time, moderate restore time.

  • Transaction log backups – used with database; recovery to a point in time

  • Daily backup – only backs up data that has been changed

Media Rotation

  • FIFO (First In, First Out) – newest backup saved to oldest media

  • GFS (Grandfather, Father, Son) – 3 sets of backups: daily, weekly, monthly

Data Owner

  • Owner determines classification, data custodian implements permission settings

Guidelines for Incident Response

  • Mitigate – take appropriate acts to mitigate effect of an incident

  • Minimize – take steps to minimize effects

  • Isolate – contain the affected systems

  • Recovery/Reconstitution – backup/recovery can be done in defined time (requires practice runs)

  • Response – Preventive actions against future breaches

  • Disclosure – record findings / lessons learned

Order of Volatility

  1. Memory

  2. Swap or slack space

  3. Routing table, ARP cache

  4. Filesystem info

  5. Raw Disk

  6. Remote logging / monitoring data

  7. Physical configs

  8. Archival Media


Module 3

Security, Privacy Policies, & Procedures

ISO/IEC 27000 Series – Standardizes the British Standard 7799 (over 40 standards)

  • Policies are overarching, procedures & process should be guided by policies

Legal Compliance

  • Human Resources – address employment laws

  • Legal Department – understand laws that apply to industry

Laws & Regulations

  • SOX (Sarbanes-Oxley Act) – regulates accounting of any publicly traded company

  • HIPAA (Health Insurance Portability & Accountability Act) – provides standards for storing health care data

  • GLBA (Gramm-Leach-Bliley Act) of 1999 – guidelines for securing financial information, prohibits sharing with 3rd parties

  • CFAA (Computer Fraud & Abuse Act) – address the hacking of “protected computers”

  • Health Care & Education Reconciliation Act of 2010 – increased security measures to protect healthcare information

  • Federal Privacy Act of 1974 – protects PII

  • Computer Security Act of 1987 – superseded by FISMA (Federal Information Security Management Act) protect Gov systems

  • PIPEDA (Personal Information Protection and Electronic Documents Act) – obtain consent to collect PII

  • Basel II – address minimal capital requirements, protects against bad banking practices (reduce risk)

  • PCI DSS ( Payment Card Industry Data Security Standard) – credit card company

  • FISMA (Federal Information Security Management Act of 2002) – requires federal agencies to implement agency-wide security programs

  • Economic Espionage Act of 1996 – makes theft of trade secrets a federal crime

  • USA PATRIOT ACT – enhances investigatory tools that law enforcement can legally use

Common Business Documents

  • RA (Risk Assessment) – used to identify vulnerabilities and threats

  • SOA (Statement of Applicability) – identifies the controls chosen by an organization and why they are appropriate

  • BIA (Business Impact Analysis) – lists the critical business functions, dependencies and their level of criticality to the organization.

Terms in Identifying Outage Impacts

  • MTD (Maximum tolerable downtime) – maximum time org can tolerate being down

  • MTTR (Mean time to repair) – Average time to repair a resource

  • MTBF (Mean time between failures) – estimated time before a failure occurs

  • RTO (Recovery Time Objective) – shortest time after a disaster that a resource must be restored

  • WRT (Work Recovery Time) – difference between RTO & MTD

  • RPO (Recovery Point Objective) – point in time which resource must be functional

  • IA (Interoperability Agreement) – agreement to work together to allow information exchange

  • ISA (interconnection security agreement) – document the technical requirements of the interconnection

  • MOU (Memorandum of Understanding) – Agreement that details a common line of action between organizations

  • SLA (Service Level Agreement) Agreement specifying requirements of a support system to respond to problems

  • OLA (Operating-Level Agreement) – Details agreements between departments

  • NDA ( Nondisclosure Agreement) – Defines what information is confidential and cannot be shared

  • BPA (Business Partnership Agreement) – Establishes the conditions of the partner relationship

Policies that support Internal Security

  • Separation of Duties – helps to reduce collusion by separating critical duties

  • Job Rotation – Different people do different jobs to help discover wrongdoing

  • Mandatory Vacation – require vacations

  • Least Privilege – User should only have access to what is required to do their job

Incident Response Steps

Detect → Respond → Report → Recover → Remediate → Review

Forensic Investigation Process

Identification → Preservation → Collection → Examination → Analysis → Presentation → Decision

Training & Awareness

  • Reinforces the fact that valuable information must be protected

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
4 Comments
  1. thanks for sharing

  2. Thank You, notes are just awesome!

  3. Fantastic. Very helpful.

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel