Week 1 DQ 1
Each of us have own reasons for pursuing our CISSP certification. Why did you choose to pursue yours?
The reason I am looking to get my CISSP is for job security reasons and the fact that will get me in a Technical 3 level when it comes to being compliment with DOD’s 8570. I also would love to have a fun job catch hackers with the F.B.I. so the CISSP will put me in the running to get one of those jobs. I also think there is a good pay raise that comes when you have a cert of this level. I was also looking into the CASP because it seem a little bit easier.
Week 1 DQ 3
After reading/viewing this week’s materials, please respond to one or more of the following questions.
After viewing the video on IT Governance, describe the IT governance model and discuss its importance in instituting a comprehensive security program. What are security blueprints?
In your own words, describe the personnel best practices of mandatory vacation, separation of powers, principle of least privilege, and job rotation. Give an example of where you have seen these practices applied from your own experience.
Mandatory Vacation is when upper management has to make an employee take a few days off this. This is done for auditing purposes. If the person works and don’t take any time off they could be doing things on the system that people are unaware of and the security team might need some time to examine their system to make sure everything is copasetic.
Separation of powers or what is called separation of duty is used to compartmentalize a job or an organization. This is used to make sure one person is not a single point of failure or that one person does not have too much power. “Designed to prevent error and fraud by ensuring that at least two individuals are responsible for the separate parts of any task. (Wigmore, 2014) ”
Principle of least privilege is to make sure that everyone only has access to what they need and have the lowest access control to folders and files and places. Most state the rule for least privilege is to deny everything and then as a person needs access start opening up rights. “If all processes ran with the smallest set of privileges needed to perform the user’s tasks. (Merrifield, 2014)” So the first step in hardening an account is to deny all.
Job rotation is used to make sure people don’t get to relaxed in their jobs so every so often they have you do another job this is kind of a way for companies to use a checks and balance system. That way if you are doing anything wrong in your job the other person will see it and maybe report it to upper management. “Job rotation is an operational control to detect errors and frauds. (Kokcha, 2012) ”
In my day to day life I have never had a madatory vacation because I take off a good amount of time every year. I have created user accounts before at an ole job so I totally get the process of least privlege. When creating an account they tell us to lock down the account and have the users TASO tell you what that person should have access to, I would stat that most of these accounts where on a role based system.
Works Cited
Kokcha, R. (2012, 05 16). Job Rotation. Retrieved from http://security.koenig-solutions.com: http://security.koenig-solutions.com/blog-home/job-rotation
Merrifield, J. (2014, 10). Using a Least-Privileged User Account . Retrieved from http://technet.microsoft.com: http://technet.microsoft.com/en-us/library/cc700846.aspx
Wigmore, I. (2014, 01 01). segregation of duties (SoD). Retrieved from http://whatis.techtarget.com/: http://whatis.techtarget.com/definition/segregation-of-duties-SoD
Week 2 DQ 1
After reading/viewing this week’s materials, please respond to one or more of the following questions.
What are the different Access Control Models available to secure access to resources? Give an example of one that you have used in a work situation or if that is not possible, one that you’ve read about.
Identify the Access Control Categories and give an example of one that you have read about or have knowledge of from your own experience.
Describe threats to the Access Control domain from what was covered within the reading and give an example of each.
What are the main goals of access control and what are the best practices recommended to help in achieving them.
What are the different Access Control Models available to secure access to resources? Give an example of one that you have used in a work situation or if that is not possible, one that you’ve read about.
RBAC which is also known as Role Based Access Control – This access control gives people access based on their role in the organization. An example of that is let’s say the base commander was leaving and there was a new one coming in you would mirror the new base commander’s access to the old one. I have had to do then when creating accounts in AD and group email accounts.
DAC which is also known as Discretionary Access Control- This access control restricts access to data by placing users in different groups and giving the group access to parts of the network. Also there are data owners in the group who can change the level of access each person in the group has. An example is when someone gives another person access to their outlook email account and the owner of the account can dictate weather they won’t the person to have rights to send on the behalf of the email account.
MAC which is also known as Mandatory Access control – This access control method gives the data a sensitivity labels or classification and if the users does not have the classification level they are denied access to the data. “Is a system-controlled policy restricting access to resource objects (such as data files, devices, systems, etc.) based on the level of authorization or clearance of the accessing entity, be it person, process, or device. (Rouse, 2008)
Works Cited
Rouse, M. (2008, 12). mandatory access control (MAC). Retrieved from http://searchsecurity.techtarget.com: http://searchsecurity.techtarget.com/definition/mandatory-access-control-MAC
Week 2 DQ 2
After reading/viewing this week’s materials, please respond to one or more of the following questions.
What are the challenges that an Identity and Access Management system helps overcome? What benefits does it provide?
In your own words describe the four main activities that comprise the System Access Control Process. What guidelines must be followed within the Identification phase?
Identify the Information and Access Management Technologies and describe one that you are familiar with either from your own experience or give an example of one that you’ve read about.
Describe the three factors that can be used in authentication and give at least two examples for each.
Describe the three factors that can be used in authentication and give at least two examples for each.
The Three factors of authentication are something you know, something you have and something that you are.
Most networks have some type of authentication process for user’s login this is to make sure the user has the correct access to the objects that they need and also this is used for Identification purposes also.
One way to sign into the network is with a user name and pin. This is the least secure method because there are serval ways a hacker can gain access to a user name and a password. They could use social networks and guess what the password might be or they can you things like dictionary attacks or brute force to crack the password. This method is also called something you know.
Another authentication is something you have this is a little bit more secure then something you know cause you have to physically get something that the users has such as a token or a smart card. I use a multi factor log in method at my work place and we need to have a CAC to log into the network along with a pin. Ways that people can get around this is by taken the token but or duplicating the smart chip in the CAC but these ways are much harder to do.
The best type of single authentication would be something you are. These are things like” Biometric methods provide the something you are factor of authentication. Some of the biometric methods that can be used are fingerprints, hand geometry, retinal or iris scans, handwriting, and voice analysis. Fingerprints and handprints are the most widely used biometric method in use today. (Gibson, 2011)” I worked at a help desk where the walk ups could come and reset there biometric log in or change the method of login in this was very interesting the processes and why the scanner works. This method is a hard way to gain access but it is not impossible.
Works Cited
Gibson, D. (2011, jUN 6). Understanding the Three Factors of Authentication. Retrieved from http://www.pearsonitcertification.com: http://www.pearsonitcertification.com/articles/article.aspx?p=1718488
Week 3 DQ 1
After reading/viewing this week’s materials, please respond to one or more of the following questions.
Identify the malicious threat sources to physical security and their corresponding countermeasures.
Describe the main components of a CCTV system. What are some of the concerns with CCTV deployments?
Describe three perimeter intrusion detection systems from the physical security domain and give an example of one that you have seen deployed either at work or another location that you are familiar with.
The main components of a CCTV system consist of cameras, transmitters, receivers, a recording system, and a monitor. The camera captures the data, transmits to the recording system, and then displays on the monitor. One of the concerns with the deployment of the CCTV system include the circuit not being tamperproof whereby this would allow attackers to compromises the companies CCTV system this is a problem that compromises the devices integrity and manipulating the video feed to play back recordings from another recording timeframe. Also depending on the system the feed could be easily hi jacked. Also vandalism could be another problem it CCTV faces the camera is behind a harden plastic cover but if someone mess up that cover it is hard to see though. Another concern would be choosing the correct lens. The lens should have the proper focal length that covers the entire area or depth of focus, and having the capability to adjust the lens. Light is another concern with the CCTV system, deploying a light-sensitive camera which “allows for the capture of extraordinary detail of objects and precise presentation.” (Harris, 2013) Using the use of an auto iris lens can regulate the amount of light that enters the lens.
Reference
Harris, S. (2013). Alll-in-One CISSP. New York: McGraw-Hill.
Week 3 DQ 2
After reading/viewing this week’s materials, please respond to one or more of the following questions.
Describe the functions of hubs/repeaters, bridges, switches, routers, and gateways. At what layers of the OSI model does each device operate?
Describe the different Wireless standards within the 802.11 family. What is a rogue access point, and what do we have to worry about?
Describe the differences between bus, ring and star topologies. List the various wiring standards that are available for use within these topologies.
From the videos, pick one hacker profiled and describe the types of attacks they used in exploiting vulnerabilities of the networks that they targeted. What opening did they gain access through? How were they detected?
HubRepeater operates at the physical layer. They repeat incoming frames without examining the MAC address in the frame.
Bridges connects “two or more media segments on the same subnet, and filters traffic between both segments based on the MAC address in the frame. They divide a network into segments to reduce traffic congestion and excessive collisions” (Harris, 2013) by connecting two networks and passes traffic between them based only on the node address, so that traffic between nodes on one network does not appear on the other network. Bridges operate in the data link OSI layer.
Switches operate at data link layer. A multiport bridge that performs filtering based on MAC addresses can process multiple frames simultaneously, guaranteed bandwidth to each switch port. Switches offer guaranteed bandwidth. (Webtycho, 2013)
Routers assign a new address per port which allows it to connect different networks together. Also discovers information about routes and changes that take place in a “network through its routing protocols; and filters traffic based on ACLs and fragments packets.” (Webtycho, 2013) Because of their network level, they can “calculate at the shortest and economical path between the sending and receiving hosts” (Harris, 2013). Routers operate in the network OSI layer.
Gateways- can be a combination of hardware andor software that connects individual LANS to a larger network and can act like a translator. This usually involves converting different protocols. For example, a “gateway could be used to convert a TCPIP packet to a NetWare IPX packet”. (Webtycho, 2013) Gateways operate in all seven OSI layers.
Reference
Harris, S. (2013). Alll-in-One CISSP. New York: McGraw-Hill.
Webtycho, U. (2013, October).Network Course Content Material . Adelphia, Maryland.
Week 4 DQ 1
After reading/viewing this week’s materials, please respond to one or more of the following questions.
Describe in your own words the differences between steganography, digital watermarking, and digital rights management.
Choose three of the basic cryptosystems and give an overview of each.
Describe the operation of a one-time pad (OTP) and give an example of a device that uses an OTP either from your own experience or from research.
A one-time pad (OTP) uses a pad of random values, where a plaintext message that needs to be encrypted is converted into bits. The encryption process uses a binary mathematic function exclusive-OR (XOR) that is applied to two bits and when combining the bits, if both values are the same the result is 0 (1 XOR 1=0)m, but if the values are different from each other the result is 1(1 XOR 0=1). For instance when User A and User B “produce a huge number of random bits and share them secretly. When User A has a message to send to User B, User A retrieves a number of random bits equal to the length of User A’s message, and uses them to be the message’s key. User A applies the exclusive or operation (xor) to the key and the message to produce the encrypted message. The key must be exactly the same size as the message. The key must also consist of completely random bits that are kept secret from everyone except User A and User B. When User B receives the message, User B retrieves the same bits from his copy of the random bit collection. User B must retrieve the same random bits in exactly the same order that User A used them. Then User B uses the sequence of random bits to decrypt the message. User B applies the xor operation to the message and the key to retrieve the plain text.” (Cryptosmith, 2007) An example of a device that uses the one-time pad would be a mobile phone.
Reference
Cryptosmith, (2007). One-Time Pads, Retrieved from: http://b.cryptosmith.com/2007/06/09/one-time-pads/
Week 4 DQ 2
After reading/viewing this week’s materials, please respond to one or more of the following questions.
What are the strengths and weaknesses of symmetric key cryptography? Give an example of where this type of cryptography is used. What are the strengths and weaknesses of asymmetric key cryptography? Give an example of where this type of cryptography is used.
What are the types of message integrity controls and what benefit is provided by them? Give a short description of the various secure email protocols that are referenced in the Shon Harris book and the Course Content.
What benefit do digital signatures provide and what are their characteristics? In your own words, what does non-repudiation mean?
The types of message controls and their benefit include, The One-Way Hash, the benefit it provides a fingerprint of a message by taking a variable-length string and a message and produces a fixed-length value; HMAC, the benefit it provides data origin authentication and data integrity. A symmetric key is used and concatenated to produce a MAC value that is appended into a message and sent to the receiver; CBC-MAC, the benefit it provides is that the message is encrypted with a symmetric block cipher in CBC mode and the output of the final block of ciphertext is used as the MAC; Hashing, this has various algorithms such as MD2, MD4, MD5, SHA, HAVAL, Tiger. The benefit it provides is that it generates messages digests to detect whether modification has taken place; Digital Signature, the benefit it provides is that it encrypts the sender’s private key.
The various secure email protocols are:
Privacy-Enhanced Mail (PEM) – an internet standard that provides secure-email over the Internet for in-house communication infrastructure that provides authentication, message integrity, encryption, and key management.
Pretty Good Privacy (PGP) – a freeware email security program that was the first widespread public key encryption program. PGP is a complete cryptosystem that uses cryptographic protection to protect email files.
Multipurpose Internet Mail Extension (MIME) – a technical specification that indicates how multimedia data and email attachments are to be transferred; and a mail standard that dictates how mail is formatted, encapsulated, transmitted, and opened.
Harris, Shon. CISSP All-in-One Exam Guide, Sixth Edition. McGraw-Hill/Osborne. © 2013. Books24x7. <http://common.books24x7.com.ezproxy.umuc.edu/toc.aspx?bookid=50527>
Week 5 DQ 1
After reading/viewing this week’s materials, please respond to one or more of the following questions.
What are the steps in the business continuity planning process? Why is a clear understanding of a company’s enterprise architecture critical to this process?
Describe the steps in a Business Impact Analysis (BIA).
What different loss criteria types can be associated with threats identified during the Business Impact Analysis process?
The following are the steps in the business continuity planning process. It is extremely important to have a clear understanding of the company’s enterprise architecture because you have to know what you’re protecting and how it would affect the organization and its stakeholders if those assets identified were damaged or destroyed.
Develop the continuity planning policy statement. Write a policy that provides the guidance necessary to develop a BCP, and that assigns authority to the necessary roles to carry out these tasks (Harris, 2013).
Conduct the business impact analysis (BIA). Identify critical functions and systems and allow the organization to prioritize them based on necessity. Identify vulnerabilities and threats, and calculate risks (Harris, 2013).
Identify preventive controls. Once threats are recognized, identify and implement controls and countermeasures to reduce the organization’s risk level in an economical manner (Harris, 2013).
Develop recovery strategies. Formulate methods to ensure systems and critical functions can be brought online quickly (Harris, 2013).
Develop the contingency plan. Write procedures and guidelines for how the organization can still stay functional in a crippled state (Harris, 2013).
Test the plan and conduct training and exercises. Test the plan to identify deficiencies in the BCP, and conduct training to properly prepare individuals on their expected tasks (Harris, 2013).
Maintain the plan. Put in place steps to ensure the BCP is a living document that is updated regularly (Harris, 2013).
Reference:
Harris, S. (2013). CISSP All-In-One Exam Guide, Sixth Edition. [Books24x7 version] Available fromhttp://common.books24x7.com/toc.aspx?bookid=50527Week 5 DQ 2
After reading/viewing this week’s materials, please respond to one or more of the following questions.
Describe the differences between the hot, warm, and cold site methods of facility recovery.
Define the full, incremental, and differential backups and describe the differences between these data backup types.
Describe the differences between disk shadowing, electronic vaulting, and remote journaling. What is disk duplexing and how does it differ from disk mirroring?
Effective data recovery plans must include hot sites, warm sites and cold sites. When the capabilities of each site is considered, companies are better able to predict the recovery time following a disaster. Knowing how long it will take until systems begin running again is vital. A hot site is considered “proactive”. It allows a company to keep servers and a live backup site running incase a disaster occurs. This is unlike a warm or “preventive” site which enables the pre-installation of a company’s hardware and it allows the company to preconfigure bandwidth necessities. In a warm site, all a company would have to do is simply load software, as well as data in order to restore the business’ systems. Cold sites are also referred to as ‘recovery’ sites. These sites include data center space, power and network connectivity that is available whenever a company may need it. In these facilities, a company’s logistical support team would assist in the moving of hardware into the data center and get the company back up and running. This process may take an extended period of time, unlike a transition into a hot site where there would be immediate cutover if disaster were to arise. Hot sites are essential for mission critical sites (Core X Change, 2014).
References
Core X Change. (2014). Disaster Recovery Hot, Warm and Cold Sites: Key Differences.Colocation & Connectivity by Zayo. Retrieved from https://www.corexchange.com/blog/disaster-recovery-hot-warm-cold-sites-key-differences
Week 6 DQ 2
After reading/viewing this week’s materials, please respond to one or more of the following questions.
What is a View-based access control in database? What is a Data warehouse? What is Online Transaction Processing (OLTP)?
What is Change Management and how is it used to control security breaches? What is Configuration Management and how is it used to control security breaches? What is Patch management and how is it used to control security breaches?
In a database, to control security, lock controls are implemented and tested using the ACID test. Explain the following terms for each letter within the ACID method: Atomicity, Consistency, Isolation, Durability.
The ACID method consist of atomicity which divides transactions into units of work and ensures that all modifications either take effect or none takes effect- where the database either commits or is rolled back; consistency is where a transaction must follow the integrity policy developed for that particular database and ensure all data are consistent in the different databases; isolation is where transactions execute in isolation until completed, without interacting with other transactions; and durability which pertains to once the transaction is verified as accurate on all systems it is committed and the databases cannot be rolled back.
Week 7 DQ 1
After reading/viewing this week’s materials, please respond to one or more of the following questions.
Describe the administrative management practices of separation of duties, job rotation, and mandatory vacations and their role within operations security.
Describe the differences between the following sanitization methods of media control: clearing, purging, zeroization, and degaussing. What is data remanence?
The difference between the following sanitization methods of media control are:
Clearing – a process of removing data from media that it is not readily retrieved using routine operating system commands or data recovery software.
Purging –method of removing the data on media making it unrecoverable even with great effort.)
Zeroization- method of overwriting data on media with a pattern designed to ensure that the data cannot be recovered
Degaussing – the process of magnetically scrambling the patterns on a tape or disk that represents the data stored on the disk and destroying the media through either shredding crushing, or burning-
Data remanence is the residual physical representation of data that remains on the drive even after the data has been removed or erased.
Week 7 DQ 2
After reading/viewing this week’s materials, please respond to one or more of the following questions.
Describe the different methods of RAID. What is RAIT?
Define the different types of trusted recovery. What is meant by the term “fail secure”?
Describe three of the following attack types in the Operation Security domain: man-in-the-middle, mail bombing, war-dialing, ping-of-death, teardrop, and slamming-and-cramming
The different methods of RAID consist of RAID 0 which deals with data striping, RAID 1 handles mirroring, RAID 2 where data parity are created with a hamming code which identifies any errors, RAID 3 is considered the Byte-level parity, where data is striping over all the drives and the parity data is held on one drive, RAID 4 is where parity is created at the block-level, RAID 5 is where data is written in disk sector units to all the drives-this is the most widely used because of its redundancy, RAID 6 is the fault tolerance, which is a second set of parity data written to all drives, RAID 10 is where data are simultaneously mirrored and striped across several drives and can support multiple drive failures.
Redundant Array of Independent Tapes (RAIT) is similar to RAID but it uses tape drives instead of disk drives. In RIAT data is striped in parallel to multiple tapes drives with or without redundant parity drive.
Week 8 DQ 1
As the course wraps up this week, please share your reflections on this course, including lessons learned.
What are you goals moving forward?Though a very challenging and fast-paced class, I learned quite a bit in each of the CISSP domains. It is easy to see why an exam of this level is contingent upon five years of job experience in at least two of the domains (although you can take the exam without the experience and only achieve SSCP) ((ISC)2, 2014).
From the perspective of taking the exam, I will likely take another couple months to circle back to each domain take more practice tests, and really focus on topics that need more attention. Though this was an eight week class, the scope of the CISSP is very large and requires a lot of attention.
I haven’t yet received feedback on my risk assessment paper, but I’ll say that it was a challenging yet rewarding assignment. It was great to take the topics we learned in class and directly apply them to a project, which isn’t far from what is in the real world. If I wasn’t a procrastinator, I could have easily doubled or tripled the length of this paper, given the topics I learned in this class that I wanted to apply to GFI’s, such as writing more detail about a security policy, vulnerability management, etc. I’ll have to leave that for a other courses, which I hope to be able to take.
All in all, this was a great class. I would have much preferred not to have taken it online, and take it in a 16 week session, but there is still a lot I’ve learned that I will be able to apply to my current job to make me a better Information Assurance Auditor.
Good luck to you all in your future studies!
Works Cited
(ISC)2. (2014). How to Get Your CISSP Certification. Retrieved 12 14, 2014, from (ISC)2: https://www.isc2.org/cissp-how-to-certify.aspx
