CISSP Domain Security Operations

Hello everyone,

This article is a summary of all the terminology I noted down about the Security Operations domain while preparing for the CISSP certification. I believe it will be quite useful for anyone studying for the exam.

To receive the next domains, subscribe to the Newsletter!

Happy studying!!!

Configuration Management: The process of tracking and approving changes to a system. It is only required for B2, B3 and A1 level systems.
Disclosure of Residual Data: Allowing objects to be used sequentially by multiple users without a refresh of the objects can lead to disclosure of residual data.
TCB (Trusted Computing Base): Includes hardware, software and firmware.
Clipping Level: Should be implemented to establish a baseline of user activity and acceptable errors.
Sniffers: Allow an attacker to monitor data passing across a network.
Hamming Code: The parity information is created using a Hamming code that detects errors and establishes which part of which drive is in error.
Data Diddling: Involves changing data before, or as, it is entered into the computer; in other words, it refers to the alteration of existing data.
Input Controls: Are used to ensure that transactions are properly entered into the system once.
Media Viability Controls: Include marking, handling and storage.
Monitoring Techniques: Include intrusion detection, penetration testing and violation processing using clipping levels.
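The Clipping Level and Monitoring Techniques entries above describe violation processing: only activity that exceeds an agreed baseline is reported, so ordinary mistakes do not flood the audit trail. The following is an added example, not code from the original article, showing that logic run over a few constructed authentication log lines. The log format, the user names and the threshold of five failures in ten minutes are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines for the example (not from the article):
# "<ISO timestamp> <user> <event>"
SAMPLE_LOG = """\
2024-03-01T08:00:01 alice LOGIN_FAIL
2024-03-01T08:00:05 alice LOGIN_FAIL
2024-03-01T08:00:09 alice LOGIN_OK
2024-03-01T08:01:00 bob LOGIN_FAIL
2024-03-01T08:01:02 bob LOGIN_FAIL
2024-03-01T08:01:04 bob LOGIN_FAIL
2024-03-01T08:01:06 bob LOGIN_FAIL
2024-03-01T08:01:08 bob LOGIN_FAIL
2024-03-01T08:01:10 bob LOGIN_FAIL
2024-03-01T09:30:00 carol LOGIN_FAIL
2024-03-01T09:45:00 carol LOGIN_FAIL
2024-03-01T10:00:00 carol LOGIN_FAIL
2024-03-01T10:15:00 carol LOGIN_FAIL
2024-03-01T10:30:00 carol LOGIN_FAIL
2024-03-01T10:45:00 carol LOGIN_FAIL
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, user, event) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, event = line.split()
        events.append((datetime.fromisoformat(ts), user, event))
    return events


def clipping_violations(events, clipping_level=5, window=timedelta(minutes=10),
                        event_type="LOGIN_FAIL"):
    """Return {user: peak_count} for every user whose number of `event_type`
    events inside some sliding window of length `window` exceeded
    `clipping_level`. Counts at or below the clipping level are treated as
    acceptable error noise and are deliberately not reported."""
    per_user = defaultdict(list)
    for ts, user, event in events:
        if event == event_type:
            per_user[user].append(ts)

    violations = {}
    for user, times in per_user.items():
        times.sort()
        start = 0   # left edge of the sliding window
        peak = 0    # largest number of events seen inside one window
        for end, ts in enumerate(times):
            while ts - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > clipping_level:
            violations[user] = peak
    return violations


if __name__ == "__main__":
    # bob: six failures in ten seconds -> above the clipping level, reported.
    # alice: two failures -> below the baseline, ignored.
    # carol: six failures spread 15 minutes apart -> total exceeds five, but
    # the rate never does, so a 10-minute window does not report her.
    print(clipping_violations(parse_log(SAMPLE_LOG)))
```

The window is what turns a raw count into a baseline: widening it to two hours makes carol's slow trickle of failures cross the clipping level as well, which is the tuning decision an operations team makes when setting the threshold.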
Network Address Hijacking: Enables the intruder to re-route data traffic from a network device to a personal machine.
Due Care: Involves carrying out responsible actions to reduce the identified risks.
Due Diligence: Involves going through the necessary steps to know what a company's or individual's actual risks are.
Clearing Information: Rendering it unrecoverable by a keyboard attack.
Mandatory Vacations: Identify fraudulent activities and enable job rotation to take place.
Rainbow Tables: Consist of all possible passwords in hashed formats. This allows attackers to uncover passwords much more quickly than carrying out a dictionary or brute force attack.
Two-man Control: Two operators review and approve the work of each other.
System Reboot: Is performed after shutting down the system in a controlled manner in response to a TCB (Trusted Computing Base) failure.
Emergency System Restart: Is done after a system fails in an uncontrolled manner, but consistency can be brought back to the system automatically.
System Cold Start: Takes place when unexpected TCB or media failures occur and the recovery procedures cannot bring the system to a consistent state.
Rotation of Duties: Is used to interrupt the opportunity to create collusion to subvert operations for fraudulent purposes.
Dual Control: Requires two or more entities working together to complete a task.
Teardrop Attack: Involves sending malformed fragmented packets to a vulnerable system.
Browsing Attack: Occurs when an attacker looks for sensitive information without knowing what format it is in.
Separation of Duties: Ensures that one person cannot perform a high-risk task alone.
Double-blind Test: This type of vulnerability assessment is more likely to demonstrate the success or failure of a possible attack.
Operational Controls: Backup and recovery, contingency planning and operations procedures.
SQA (Systems Quality Assurance): Operational assurance and life-cycle assurance.
Operational Assurance: Concentrates on the product's architecture, embedded features, and functionality that enable a customer to continually obtain the necessary level of protection when using the product.
Life-cycle Assurance: The requirements specified in the Orange Book are: security testing, design specification and testing, configuration management and trusted distribution.
Failsafe Mode: Is the state of the system when it automatically terminates processes in response to a system failure, thereby ensuring the stability and security of the system.
Sanitization: The process of wiping out data from the storage media to ensure that the data cannot be either recovered or reused.
Purging: Means making information unrecoverable even with extraordinary effort such as physical forensics in a laboratory.
Zeroization: Overwriting with a pattern designed to ensure that the data formerly on the media are not practically recoverable.
Degaussing: Magnetic scrambling of the patterns on a tape or disk that represent the information stored there.
Destruction: Shredding, crushing, burning.
Five Steps in a Penetration Test:
1 – Discovery – Footprinting and gathering information about the target.
2 – Enumeration – Performing port scans and resource identification methods.
3 – Vulnerability mapping – Identifying vulnerabilities in identified systems and resources.
4 – Exploitation – Attempting to gain unauthorized access by exploiting vulnerabilities.
5 – Report to management – Delivering to management documentation of test findings along with suggested countermeasures.
Output Controls: Verifying the integrity and protecting the confidentiality of an output.
Job Rotation: Can uncover fraud and ensure that more than one person knows the tasks of a position.
Data Remanence: Is the residual physical representation of information that was saved and then erased in some fashion. This remanence may be enough to enable the data to be reconstructed and restored to a readable form.
Dumpster Diving: Running through another person's garbage for discarded documents, information and other discarded items that could be used against that person or company.
MTBF (Mean Time Between Failures): Is the average length of time the hardware is functional without failure.
MTTR (Mean Time To Repair): Is the amount of time it takes to repair and resume normal operation after a failure has occurred.
RAID 0 (Striping): Data striped over several drives. No redundancy or parity is involved. If one drive fails, the entire volume is unusable. It is used for performance only.
RAID 1 (Mirroring): Mirroring of drives. Data is written to two drives at once. If one drive fails, the other drive has the exact same data available.
RAID 3 (Byte-level parity): Data striping over all drives and parity data held on one drive. If a drive fails, it can be reconstructed from the parity drive. Implemented at the byte level.
RAID 4 (Block-level parity): Same as level 3, except parity is created at the block level instead of the byte level.
RAID 5 (Interleaved parity): Data is written in disk sector units to all drives. Parity is written to all drives also, which ensures that there is no single point of failure.
RAID 6 (Second parity data or double parity): Similar to level 5, but with added fault tolerance: a second set of parity data written to all drives.
RAID 10 (Striping and mirroring): Data are simultaneously mirrored and striped across several drives and can support multiple drive failures.
RAID 15: Is created by combining RAID Level 1 and Level 5.
Striping: RAID separates the data into multiple units and stores it on multiple disks.
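The RAID 3, 4 and 5 entries above all rest on the same mechanism: one parity block per stripe, computed as the XOR of the data blocks, from which any single missing block (data or parity) can be rebuilt. The following is an added example, not code from the original article, that stripes a constructed payload across four simulated drives with RAID 5 style rotating parity, simulates the loss of one drive, and rebuilds it. The block size, drive count and payload are assumptions made for the example.

```python
def xor_blocks(blocks):
    """XOR equal-length byte blocks together; this is the parity operation."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def parity_drive_for(stripe, n_drives):
    """RAID 5 rotates the parity block across drives so no single drive
    carries all parity writes (RAID 4 would return a fixed drive instead)."""
    return (n_drives - 1 - stripe) % n_drives


def stripe_raid5(data, block_size, n_drives):
    """Return drives[d][s] = block held by drive d in stripe s.
    Each stripe holds (n_drives - 1) data blocks plus one parity block."""
    data_per_stripe = block_size * (n_drives - 1)
    padded = data + b"\x00" * (-len(data) % data_per_stripe)
    drives = [[] for _ in range(n_drives)]
    for s, off in enumerate(range(0, len(padded), data_per_stripe)):
        chunk = padded[off:off + data_per_stripe]
        blocks = [chunk[i:i + block_size] for i in range(0, data_per_stripe, block_size)]
        parity = xor_blocks(blocks)
        p_drive = parity_drive_for(s, n_drives)
        next_block = iter(blocks)
        for d in range(n_drives):
            drives[d].append(parity if d == p_drive else next(next_block))
    return drives


def rebuild_drive(drives, failed):
    """Reconstruct every block of drive `failed` (whose entry is None) by
    XORing the surviving drives' blocks of the same stripe. Because the XOR of
    all blocks in a stripe is zero, the XOR of the survivors equals the missing
    block, whether it held data or parity."""
    survivors = [drive for i, drive in enumerate(drives) if i != failed]
    return [xor_blocks([drive[s] for drive in survivors])
            for s in range(len(survivors[0]))]


def read_data(drives, data_len):
    """Reassemble the user data, skipping the parity block of each stripe."""
    n_drives = len(drives)
    out = bytearray()
    for s in range(len(drives[0])):
        p_drive = parity_drive_for(s, n_drives)
        for d in range(n_drives):
            if d != p_drive:
                out += drives[d][s]
    return bytes(out[:data_len])


def demo_single_failure(data=b"RAID parity demo: one drive may fail.", failed=1):
    """Constructed scenario: stripe the payload, lose one drive, rebuild it.
    Returns (rebuilt drive identical to the original, data reads back intact)."""
    drives = stripe_raid5(data, block_size=4, n_drives=4)
    damaged = list(drives)
    damaged[failed] = None                       # simulate the drive failure
    damaged[failed] = rebuild_drive(damaged, failed)
    return damaged[failed] == drives[failed], read_data(damaged, len(data)) == data


if __name__ == "__main__":
    print(demo_single_failure())
```

A single XOR parity block can only replace one unknown per stripe, which is why RAID 5 survives exactly one drive failure and RAID 6 adds a second, independently computed parity block to survive two.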
Trusted Recovery: Ensures that security is not breached when a system crash or other system failure occurs. Trusted Recovery is only required for B3 and A1 level systems.
Eavesdropping: A type of attack where you are collecting traffic and attempting to see what is being sent between entities communicating with each other.
Padding Messages: Is considered a countermeasure; you make messages a uniform size.
Sending Noise: Is considered a countermeasure: transmitting non-informational data elements to disguise real data.
Faraday Cage: A tool used to prevent emanation of electromagnetic waves. It is a very effective tool to prevent traffic analysis.
Operations Security Domain: Physically securing the tapes from unauthorized access is obviously a security concern and is considered a function of the Operations Security domain.
Detective Control: These controls can be used to investigate what happened after the fact. Examples are: motion detectors, audit logs, IDS (Intrusion Detection Systems).
Preventative Control: Prevents events or actions that might compromise a system or cause a policy violation. An IPS (Intrusion Prevention System) would be an example of a Preventative Control.
Recovery Control: Includes processes used to return the system to a secure state after the occurrence of a security incident. Backups and redundant components are examples of Recovery Controls.
Directive Controls: Are administrative instruments such as policies, procedures, guidelines, and agreements. An acceptable use policy is an example of a Directive Control.
Operations Security "Triples": The Operations Security domain is concerned with triples: threats, vulnerabilities and assets.
B2 Systems: Must support separate operator and system administrator roles.
B3 and A1 Systems: Must clearly identify the functions of the security administrator to perform the security-related functions.
Trusted Facility Management: A single account on the system has the administrative rights to all the security-related functions of the system (B2, B3 and A1).
Loki Attack: Uses the ICMP protocol for communications between two systems.
Traffic Padding: Is a countermeasure to traffic analysis.
System Integrity: Is also defined in the Orange Book with an operational assurance requirement.

Luciano Lima
[CISSP]-[MVP Enterprise Security]-[MCSA Security]-[MCSE Security]
