Welcome to

the CISSP
Bootcamp
Your instructor:
Michael J Shannon
CISSP #42221 / #524169,
CCNP-Security, PCNSE7,
AWS Certified Security – Specialty, Class will begin at 10:00
OpenFAIR, and A.M. Central Standard
ITIL 4 Managing Professional Time (CST)

You can view recorded sessions and download the

course documents at: http://tiny.cc/CISSP2018LIVE
 • Least Privilege
• Applies a need-to-know approach
Principles of • The idea originated in military and intelligence operations
• Subjects are only given access to the objects they need
Secure and nothing else without strict approval process
Design • In network security, this results in restrictive policies,
where access to and from a security domain is allowed
only for the required users, applications, or network
traffic. Everything else is denied by default
 • Defense in depth
• Providing end-to-end layered security with several components
Principles or with multiple integrated features
of Secure • Can be physical or logical (virtual)
• Applies to networks, applications, and physical etc.
Design
• Compartmentalization
• Creating security domains and zones
• Can also be physical or logical
• Granular trust relationships between compartments mitigate
attacks that try to gain a foothold
• Apple iOS secure enclave is a good example
• Virtual LANs in a Cisco or VMware environment
Weakest Link Principle
• A security system is only as effective as its weakest link
• A layered approach to security, with weaker or less
protected assets residing in separated security
domains, mitigates the necessary existence of these
weakest links
• Humans are often considered to be the weakest link in
information security architectures
Principles of Secure
Design
Separation of Duties
• Processes where more than one entity is
required to complete a particular task SQL SQL
Backup
• Often involves dual operator principles as well
where to subjects are needed to modify a
particular object
• Rotation of duties is also a related principle
• Example: forced vacations SQL SQL
Restore
Principles of Secure
Design
Mediated Access
• This principle involves avoiding direct
client to server access whenever
feasible
• Uses various proxies for:
• Authentication (interactive or transparent)
• Translation services (NAT)
• Bastion (jump) hosts and CSP services
• Web proxies for content and URL filtering
• Using Managed Security Service Providers
(MSSP) and Content Access Security
Brokers (CASB)
Principles of Secure Design
• Hierarchically trusted components and protection
• Structured data classification and security controls using
trusted components and security architectures
• Can be trusted platform modules (TPM), SELinux, self-
encrypting drives (SED), CIS Baseline images, etc.

• Accountability and nonrepudiation

• Application of visibility tools and nonrepudiation
mechanisms such as digital signatures to entities, code,
and processes
• Continual random audits of highest privileged insiders
 Zoning
• Zoning is used to mitigate the risk of
an open network by segmenting
infrastructure services
• Every zone contains one or more
separate, routable networks;
• Every separate, routable network is
contained within a single zone;
• Every zone connects to another zone via a
perimeter that contains zone interface
points (ZIPs) like firewalls
• The only zone that may connect to the
public zone is the PAZ (DMZ)
Zoning
Sample Security Policy Life Cycle
Patch Management
Configuration
Management
• There are key differences between
change management and configuration
management (CM) – configuration
management comes first
• CM is a governance and systems life cycle
process for ensuring consistency among
all assets (configuration items, or CIs) in
an operational environment:
• Classifies and tracks individual CIs
• Documents functional capabilities and
interdependencies
• Verifies the effect a change to one
configuration item has on other systems
Change Management Lifecycle
Fundamental
Concepts of
Security • Security models are used to decide which subjects
can access particular objects – the specification of
Models a security policy
• Typically implemented by enforcing integrity,
confidentiality, origin authentication, and
nonrepudiation controls
• Designer determines how the models will be used
and integrated into specific designs
• May be done by individual or committee
• Security is best enforced with a multilevel or
hierarchical security system
Mandatory Access Control
(MAC)
• MAC is nondiscretionary and secures
data by assigning sensitivity labels,
then compares labels to the level of
user sensitivity
• It is appropriate for extremely secure
systems such as multilevel secure
military applications
• Its main advantage is that access based
on "need to know" is strictly adhered
to and scope creep is minimized
• It is used by Bell-LaPadula
(confidentiality) and Biba (integrity)
Discretionary
Access Controls • DAC restricts access to data and systems based on
(DAC) the identity of users and/or their group
membership
• Access results are usually based on authorization
granted to a user based on the various forms of
credentials presented at the time of
authentication
• In most DAC implementations, the owner of the
resource can change its permissions at their
discretion
• A DAC framework can deliver the capability for
granular access control
• Discretionary Access
Controls (DAC)
DAC Pros and Cons

• Advantages of using DAC

• Easy to implement and operate and is often
built in to network operating systems
• Aligns with the least privilege security
principle
• Object owner has control over granted access
• Issues that can arise with DAC
• Documentation of the access must be strictly
maintained
• Propensity for privilege creep to occur is high
Attribute-based Access ABAC
Control (ABAC) • Controls access to entities by weighing
rules against the attributes of the subject's
actions and the request environment
• ABAC relies upon evaluation of
• People's characteristics
• Attributes of IT components
• Heuristics
• Environmental factors
• Situational variables
• ABAC systems are capable of enforcing both
Discretionary Access Control (DAC) and
Mandatory Access Control (MAC) models
Role-based Access Control (RBAC)
• Access decisions rely on org chart, roles, responsibilities, or location in a user
base
• Role is typically set based on evaluating the essential objectives and architecture
of the enterprise
• For example, in a medical center, the different roles may include doctor, RN, PA,
specialist, technician, attendant, receptionist, etc.
• RBAC framework is determined by security administrators and officers, and is
not at the discretion of the user
• We are seeing companies with a lot of turnover or lots of transient, temp, and
contractor users move from DAC to role-based due to the flexibility and easier
management
Role-based Access Control (RBAC)
• Pros
• It's easy to implement and control
• Roles are assigned using written security policy
• It's built into many security frameworks
• It aligns accepted security principles
• Cons
• Scope creep can take place over time
• Roles and access must be audited rigorously
• Multitenancy capabilities need things like AD OUs
Rule-based Access Control (RBAC)
 • First mathematical model with a multilevel security policy
used to define the concept of a secure state machine and
Bell- models of access and outlined rules of access
LaPadula • Focuses on ensuring that subjects with different clearances

Confidentiali are properly authenticated by having the necessary

security clearance, need to know, and formal access
ty Model approval before accessing an object under different
classification levels
• All MAC systems are based on the Bell-LaPadula model
because of its multilevel security, and it's been adopted by
most government agencies
 • State machines are used to model complex systems
Bell- • The state of a machine is collected to verify the security of
LaPadula is a a system as it defines the behavior of a set number of
states, the transitions between those states, and the
State subsequent actions that can take place
Machine • A particular state typically consists of all current
Model permissions and instances of subjects accessing objects
• If a subject can access objects only in adherence with the
security policy, then the system is considered secure
State Machine Models
 • Simple security rule: a subject at a given security level
cannot read data that resides at a higher security level (no
read-up rule)
The Bell-
• Star property (*) rule: a subject at a given security level
LaPadula cannot write information to a lower security levels (no
Ruleset write-down rule)
• Strong star property rule: a subject who has read and
write capabilities can only perform those functions at the
same security level – nothing higher and nothing lower
• Tranquility principle: subjects and objects cannot change
their security levels once they have been instantiated
(created)
 Biba Integrity Model
• Developed after Bell-LaPadula, it
uses a lattice of integrity levels
(unlike Bell-LaPadula)
• It is an information flow model,
like Bell-LaPadula
• Simple integrity rule (no read down)
• Star (*) integrity rule (no write up)
• Invocation property
Lattice Models
Also called the Denning model • A lattice (Denning 1976) is a mathematical
construct built on the concept of a group
• The mathematical construction has
• A set of elements
• A partial ordering relation
• The property that any two elements must have a
unique least upper bound and a greatest lower
bound
• Lattice elements are security labels that consist of a
security level (i.e., top secret, secret, sensitive, etc.)
and a set of categories
• A security lattice model combines multilevel and
multilateral security
Lattice Models
Clark-Wilson Integrity Model
• Developed after Biba and deals with information integrity
• Objects can be modified by subjects using read/write operations
• Integrity verification procedures (IVPs) are programs that run periodically to
check the consistency of CDIs (integrity rules that are usually defined by
vendors)
• Integrity goals of Clark-Wilson model
• Prevent unauthorized users from making modifications
• Ensure separation of duties prevents authorized users from making improper
modifications
• Ensure well-formed transactions; maintain internal and external consistency
Non-interference Models
• This model ensures that any actions that take place at a higher security level do
not affect or interfere with actions that occur at a lower level
• It is not concerned with data flow, but instead with what a subject knows about
the state of the system
• If an entity at a higher security level performs an action, it cannot change the
state for the entity at the lower level
• This model also addresses the "inference attack" that happens when somebody
has access to information and can guess something that he or she does not have
the clearance level or authority to know
Non-interference Models
Information Flow Models
• Observes info flows in a state machine
• Data is considered in individual discrete compartments based on classification
and need-to-know principles
• Subject clearance overrules the object classification, and the subject security
profile must contain one of the categories listed in the object label which
enforces need to know
• Example: Bell-LaPadula model prevents information flowing from higher source level to
lower source level
• Example: Biba model prevents information flowing from lower integrity level to higher
integrity level
Information Flow Models
 Cryptology and
Cryptographic Systems

• Cryptography
• Study and practice of securing
communications
• Encryption and hashing
• Cryptanalysis
• Study and practice of exploiting
weaknesses in communications

• Provides confidentiality, integrity,

peer authentication, and
nonrepudiation
 Ciphers

• Algorithms are used for encryption

and decryption
• Outline the well-defined series of
procedures that are followed in
cryptosystem
• There are many different types,
from simple to complex
• Modern ciphers combine
transposition, confusion, and
diffusion techniques
Transposit • Rearrange or permutate letters
• Legacy example is the Rail Fence Cipher
ion
• Transposition is a common aspect of encryption algorithms
Ciphers with varying methods
• Modern cryptosystems (like AES) uses layers of transposition
over finite fields such as Galois (AES-GCM):
• Key addition – a derived key is XORed
• Byte substitution – an S-box transform adds confusion
• Diffusion – all state bits go through ShiftRow and MixColumn layers
 Keys

• Ciphers, algorithms, and protocols are open source, so

Keys are everyone knows them
critical to the • Keys must be kept secret, or the cryptosystem fails
strength of • Keys must be long and strong to prevent a successful
the brute-force attack
• Texmex-Absurd-Dolphins
cryptosyste • 7pZ||^z%uiZ[1IR
• upxeQV>wv50kPY1P_xKwl8X63=Y|31
m • 2RW766Alat7bqyBgs9UHH9cmnxi52Nn5
 • Manually generated
• Number generators
• Random number generator (RNG)
• Pseudorandom number generator (PRNG)
Cryptographi • Static keys
c Keys • Session keys
• A single-use symmetric key used for an entire session
• Ephemeral keys (not stored)
• AWS provides Customer Master Keys (CMK) with their KMS
Cryptographic Hashing
• Also known as hash value, message digest, fingerprint,
checksum
• Hashing maps data of any size to a fixed-length string (SHA
256 bits)
• Produces a digest 128 to 512 bits in length
• It is an irreversible one-way mathematical function
• Unfeasible to generate original from hash value
• Deterministic and quick to compute
• A small change results in the avalanche effect
• No two message inputs should generate the same hash
value (collision)
 Hashing Algorithms

• MD5 (128-bit digest produced)

• Has been deprecated
• SHA-1 (160-bit digest produced)
• SHA-2 (256-bit)
• SHA-3
• Not meant to replace SHA-2
• RACE Integrity Primitives Evaluation
Message Digest (RIPEMD) with 128-,
160-, 256-, and 320-bit versions
Hashed Message Authentication Codes (HMAC)
for Integrity and Origin Authentication
HMAC for Integrity and Origin
Authentication
Symmetric Key Algorithms
• Same secret key is used for encryption and decryption
• Secret key must be shared between sender and receiver securely
• Strength is related to management and size of keys and how they are shared
• Key is typically from 40 to 512 bits in length
• Longer keys are less susceptible to a successful brute force attack
Symmetric Key Algorithms
• Provides wire-speed encryption
• Used for bulk data encryption (e.g., VPNs and CMKs at a CSP)
• Deploys confusion and diffusion techniques
• Can be accelerated by hardware
• Uses stream and block ciphers (most often)
Advanced
Encryption Standard
(AES) • AES became effective as a federal
Based on the Rijndael algorithm government standard on May 26, 2002,
after approval by the Secretary of
• ECB (Electronic Codebook) Commerce
• CBC (Cipher Block Chaining) • AES is included in the ISO/IEC 18033-3
• CTM (Counter Mode) standard

• GCM (Galois/Counter Mode) • It is available in many different encryption

packages, and is the first (and only)
publicly accessible cipher approved by the
NSA for top secret information when used
in an NSA approved cryptographic module
Galois Counter Mode (GCM)
Asymmetric Key Algorithms
• Different keys are used for encryption and decryption
• They are generated together and are mathematically related
• The public key is shared with many
• The private key is kept secret by owner
• Keys range from 512 to 4,096 bits in length
Asymmetric
Key
Algorithms

• Privacy
(confidentiality)
• Encrypt with public key
• Decrypt with private key

• Origin
authentication
• Encrypt with private key
• Decrypt with public key
Asymmetric Key Algorithms
• Slower (not suitable for bulk data encryption)
• Design is based on factoring the product of large prime numbers
• Key management is simpler and more secure
• Best suited for digital signatures and session key exchange or agreement
protection services
• RSA (most popular commercial), DSA, Elliptic curve DSA, PGP/GPG, Diffie-Hellman
Elliptic curve
Algorithms

• Rich mathematical
functions based on
points on a curve
• Most efficient and
smaller keys provide
exceptional strength
• 3,072 standard key =
256 elliptic curve key
• Common uses
• Digital signatures
• Key distribution
• Encryption
Diffie-Hellman Key Exchange
• The first key agreement asymmetric algorithm used for
generating shared secret keys over an untrusted channel
• Once the two parties securely develop shared secrets then
they can use the keys to derive subsequent keys
• These keys can then be used with symmetric-key
algorithms to transmit information in a protected way
• DH can also be used to establish public and private keys;
however, RSA tends to be used instead
• The RSA algorithm is also capable of signing public-key certificates,
whereas the Diffie-Hellman key exchange is not

• DH is used by TLS, IPsec, SSH, PGP, and many others

Diffie-Hellman Key Exchange
Diffie-Hellman Groups
• Diffie-Hellman group 14: 2048-bit modulus – MINIMUM ACCEPTABLE
• Diffie-Hellman group 19: 256-bit elliptic curve – ACCEPTABLE
• Diffie-Hellman group 20: 384-bit elliptic curve – Next Generation Encryption
• Diffie-Hellman group 21: 512-bit elliptic curve – Next Generation Encryption
• DH group 24: Modular exponentiation with a 2048-bit modulus and 256-bit prime
order subgroup – Next Generation Encryption
Diffie-Hellman Modes
• DH (Diffie-Hellman) - Same shared secret used all the time between parties
• DHE/EDH (Ephemeral Diffie-Hellman) - Different shared secret used each time between
parties
• ECDH (Elliptic-curve Diffie-Hellman) - Uses EC public/private key pair and the same
shared secret used all the time between parties
• ECDHE/ECEDH (Elliptical-curve Ephemeral Diffie-Hellman) - Uses EC public/private key
pair and a different shared secret used each time between parties
 Digital Signatures

Digital
Signatures
provide
Authenticity
Integrity &
Nonrepudiation
Digital Signatures
Equivalent to handwritten signatures

• Key
• Random private/public pair
• Hash algorithm
• MD5, SHA1, SHA2+
• Signing algorithm
• Digital Signature Algorithm (DSA)
• Rivest, Shamir, Adelman (RSA)
 One-Time Pad (OTP)
• Based on the Vernam cipher
• One-time random pre-shared key that is
the same size as the message being sent
• The key should never be used more than
once and must be kept secret
• The key is added to plaintext bits using
modular addition
• Considered unbreakable when
implemented properly with random keys
• Pure random keys are difficult to
generate
Perfect Forward
Secrecy
Also called “forward secrecy”

• Protects past sessions against future

compromises of secret keys
• Compromises long-term keys, not any
past session keys
• A public-key cryptosystem has the
optional property of forward secrecy
when it generates one random secret
key per session to complete a key
agreement without using a
deterministic algorithm
Perfect Forward Secrecy

1. Alice and Bob each generate a pair of long-term,

asymmetric public and private keys, then verify
public-key fingerprints in person or over an
already-authenticated channel. The only thing
these keys will be used for is authentication,
including signing messages and signing things
during session key exchange. These keys will not
be used for encryption of any kind.
Perfect Forward Secrecy

2. Alice and Bob use a key exchange algorithm such

as Diffie–Hellman, to securely agree on an
ephemeral session key. They use the keys from
step 1 only to authenticate one another during
this process.

3. Alice sends Bob a message, encrypting it with a

symmetric cipher using the session key
negotiated in the previous step 2.
Perfect Forward Secrecy

4. Bob decrypts Alice's message using the key

negotiated in step 2.
5. The process repeats for each new message sent,
starting from step 2 (and switching Alice and
Bob's roles as sender/receiver as appropriate).
Step 1 is never repeated.
Overview of
Cryptanalysis
• Cryptanalysis is the study and practice of exploiting
weaknesses in communication protocols and
cryptosystems
• Most known methods, like brute force, are ineffective
on most modern cryptographic algorithms due to
• Lack of time
• Lack of computing power
• Good key management and life cycles
• Most weaknesses are found in the implementation and
key management as opposed to the algorithm itself
 Three Approaches

• Classical cryptanalysis typically involves 2 disciplines:

• Mathematical analysis which involve analytical attacks that exploit
the internal structure of the encryption methods
• Brute-force analysis which treats the algorithm as a black box and
tries all possible keys in the keyspace
Cryptanalysis
• Implementation Attacks
• The most common is a side-channel attack where one measures
the electrical power consumption of a processor operating on a
secret key
• The power trace is used to determine “0”s and “1s” and ultimately
give information about plaintext or keys
• Typically needs physical access like Smart Card
• Social Engineering
 Attacking RSA
• Protocol attacks – exploit
weaknesses in the way RSA is used
• Padding and proper implementation
mitigate these

• Mathematical attacks
• Best example is factoring the modulus
• Although 1024-bit RSA is adequate, a
modulus of 2048 – 4096 bits is highly
recommended today

• Side-channel attacks
• information about the private key is
leaked via physical channels like power
consumption (SPA) and timing behavior
Key Generation
• Keys can be generated through the key manager or by a
trusted third party, which must use a cryptographically
secure random bit generator Cryptographic
• The keys, along with all their attributes, will then be
stored in the key storage database (which must be
Key Lifecycle
encrypted by a master key)
• Attributes include name, activation date, size, and
instance
• A key can be activated upon its creation or set to be
activated automatically or manually later
Key Backup and Storage
• In order to recover a key that has been lost during its
use, a secure backup copy should be made available
• Backup keys can be stored in a protected form on
external media (CD, USB drive, etc.), a hardware
security module (HSM), or by using an existing Cryptographic
traditional backup solution (local or networked)
Key Lifecycle
• When a symmetric key or an asymmetric private key is
being backed up, it must be also encrypted and stored
Key Distribution and Loading
• The objective is to install the new key into a secure
cryptographic device, either manually or electronically
• For manual distribution, keys must be distributed and Cryptographic
loaded in key shares to avoid the full key being viewed
in the clear
Key Lifecycle
• When symmetric keys are installed, it is recommended
that they be encrypted by a public key or key-
encryption key prior to being delivered for deployment
• The key should be deployed and tested for a certain
time period ensure that operations are successful, in
order to avoid any potential data loss or theft
Normal Use and Replacement
• The key management system should allow an activated
key to be retrieved by authorized systems and users
• It should also effortlessly manage current and past
instances of the encryption key
• The key manager will replace a key automatically
Cryptographic
through a previously established schedule or if it is Key Lifecycle
suspected of compromise
• When replacing keys, the goal is to bring a replacement
key into active use by the system, and to also convert all
stored, secured data to the new key
Archiving Keys
• Archival refers to off-line long-term storage for keys
that are no longer in operation Cryptographic
• Long-term storage (i.e. Gemalto HSM or CloudHSM)
Key Lifecycle
• These keys usually have data associated with them that
may be needed for future reference, such as long-term
storage of emails
• There may also be associated data in other external
systems
• When archiving a key, it must be encrypted to add
security
• Before a key is archived, it should be proven that no
data is still being secured with the old key
Key Disposal (Disposition)
• The last phase is the end of the key's life-cycle, where
all instances, or certain instances, are completely Cryptographic
removed
Key Lifecycle
• The end of life for a key should only occur after an
adequately long Archival phase, and after adequate
analysis to ensure that loss of the key will not
correspond to loss of data or other keys
• There are three ways to remove a key from operation:
• Key destruction
• Key deletion
• Key termination
Key Stretching
Strengthens weak passwords or keys

• Lengthens symmetric keys to at least 128

bits
• An Initial key (password or passphrase) is
fed into algorithm and an enhanced key is
produced after many iterations
• Increases the time it takes to perform
brute-force attack on key
• Common algorithms are Bcrypt and
PBKDF2
Key Escrow
• Third party has copy/access to private
keys
• Only allowed access under strict conditions –
for example, a court order

• Issues can arise:

• The request for access process
• The legitimacy of request
• Granting the access
• How many systems are not vulnerable?
Hardware Security Modules (HSM)
• Uses tamper-proof, hardened devices
• Provides crypto processing
• Protect cryptographic functions
• Secures cryptographic keys
• Involves partitioned administration and
security domains
• Applies corporate key use policies
• Can be used in place of software crypto
libraries
 Public Key Infrastructure
• Based on the concept of the “trusted
introducer” from PGP
• Scalable method for securely distributing
and revoking public keys globally
• Central trusted introducer (Comodo,
GeoTrust, DigiCert, Thawte) stores, issues,
and signs certificates
 Public Key Infrastructure
• Certificates can now be exchanged over untrusted networks as the certificates/public keys
of entities are now verified with the public key of a CA
• Two public key algorithms are involved: the one within the certificate, the Subject’s Public
Key algorithm (e.g. some 160-bit elliptic curve mechanism) AND the one that was used to
SIGN the certificate (like RSA 2048)
Hierarchical CA Trust
Models
Root CA + Intermediate CAs

• Root provides certificate to intermediate CAs

• Intermediate CAs provide certificates to users
or other intermediate CAs
• Root can be online or offline
• Online – connected to network
• Issues certificates over the network
• Offline – not connected to network
• Issues certificates on removable media
Certificate Chaining
How do we trust the certificate?

• This is referred to as trust delegation where

each CA signs the public key of the CA one
level below
• Alternatively, it is very common for CA’s to
cross-certify each other without some strict
hierarchical relationship being in place
• The CA must be in trusted store but its not
possible to include all CAs
• Chain of trust is established by:
• "Issued To" field
• "Issued By" field
Expiration, Revocation,
Suspension
CRL (Certificate Revocation List)

• Original method using a list of certificates

that are not valid based on serial numbers
• Issued by the CA who granted the certificate
• Generated and published periodically
• Defined intervals or immediately - not real time
• Downloaded by client regularly but also not in
real time
• Suspension of a certificate does NOT place
the serial number on the CRL
 OCSP (Online Certificate Status Protocol)
• OCSP is a method for a web browser to determine the validity
of an SSL/TLS certificate by verifying with the vendor of the
certificate
• An online transactional database of serial numbers that is
generated and published immediately
• Clients query database anytime although many will bypass
• OCSP improves security but websites to load slower
 OCSP Stapling
• OCSP stapling is a method for quickly and safely determining whether a TLS server certificate is valid
• Stapling involves the web server downloading a copy of the vendor’s response which it can then
deliver directly to the browser or other web client
• The web server can provide information on the validity of its own certificates instead of requesting
the information from the certificate’s vendor
• A status_request_extension in TLS 1.2+ is used by the web client to indicate support for this feature
• The TLS server will send fresh certificate information in the TLS handshake
• Supports only one OCSP response and is used to check the status of the
server certificate only
Certificate Pinning
• A security method for associating a
service with certificates and public keys
• Offers three key improvements:
• Reduces the attack surface by letting owners
pin the CA’s that are allowed to issue
certificates for their domain names (Google
preloaded public key pinning for most of their
sites in Chrome 13 browsers)
• Provides key continuity without relying on
public CA’s
• Pinning can be used for authentication using a
secure channel