Thursday, October 30, 2014

6.3 - TCP/IP Model

Transmission Control Protocol/Internet Protocol (TCP/IP) is a suite of protocols that governs how data travels from one device to another. IP is a network layer protocol and provides datagram routing services. IP’s main task is to support internetwork addressing and packet routing. It is a connectionless protocol that envelops data passed to it from the transport layer. It works with other protocols to transmit the data to the destination computer and then reassemble the data back into a form that the application layer can understand and process. The...

6.2 - Open Systems Interconnection Reference Model

The ISO (International Organization for Standardization) developed a protocol set intended to be used by all vendors throughout the world to allow the interconnection of network devices. This ideology was perpetuated with the intent of ensuring that all vendor products and technologies could communicate and interact across international and technical boundaries. The protocol did not catch on as a standard, but the model of this...

6.1 - Telecommunications & Network Security

Telecommunications and networking use various devices, software, and protocols that are interrelated and integrated. Telecommunications is the electrical transmission of data among systems, whether through analog, digital, or wireless transmission types. Networking, meanwhile, is more complex in the computer field due to evolving technologies. Modern technologies are improving exponentially in functionality and security every month. Often there seem to be new and emerging technologies that must be learned, understood, implemented, and secured. Network...

5.5 - Perimeter Security (Part II)

As previously discussed, perimeter security deals with facility and personnel access controls, external boundary protection mechanisms, intrusion detection, and corrective actions. Here, we will discuss the elements that make up these categories. Facility Access Control: Access control needs to be enforced through physical and technical components when it comes to physical security. Having personnel within sensitive areas is one of the best security controls because they can personally detect suspicious behavior. However, they need to be trained...

5.5 - Perimeter Security (Part I)

The first line of defense is perimeter control at the physical site location, which prevents unauthorized access to the facility. Perimeter security deals with facility and personnel access controls, external boundary protection mechanisms, intrusion detection, and corrective actions. Perimeter Security Defense Model: This defense model works in two main modes: 1) During normal facility operations. When the facility is in operation,...

5.4 - Internal Support Systems

When dealing with physical security, support services must also be considered, because malfunctions or disruptions could negatively affect the organization in many ways. For example, in August of 2003, eight East Coast states (and parts of Canada) lost power for several days. During the investigation, there were rumors of a worm causing this disruption; however, the official report attributed it to a software bug in GE Energy’s XA/21 system. This left over 50 million people without power for days and resulted in four nuclear...

Tuesday, October 21, 2014

5.3 - Protecting Assets

In this section, we identify the main physical security components used to fight against threats such as theft, interruption of services, physical damage, compromised system and environment integrity, and unauthorized access. The loss from these components being damaged, as well as the cost to replace these systems, consultant fees, and additional negative effects on productivity and customer confidence, are considered real losses. Although companies are generally prepared for these types of losses by using risk analysis tools, often the data held within...

Wednesday, October 15, 2014

5.2 - The Planning Process

Physical security programs depend on the level of protection needed by the organization they are designed to protect. Typically, this depends on the organization’s acceptable level of risk. When an organization defines its acceptable level of risk, it must first plan and design around the laws and regulations it must comply with and the threat profile of the overall organization...

Monday, October 13, 2014

5.1 - Introduction to Physical Security

In the early days of computing (circa 1960-1970), the physical security of computers and their resources was not nearly as difficult as it is now in modern times. This is due to the large size of those computers, which consisted mostly of mainframes secured away in server rooms, and the fact that a limited number of individuals knew what to do with them. In the present day, most computers are compact enough to sit on desks in every company around the world. Also, access to devices and other resources is distributed throughout the environment....

Sunday, October 12, 2014

4.4 - Open vs. Closed Systems

Open systems are built upon “standards, protocols, and interfaces that have published specifications”. This type of architecture provides interoperability between computer products created by various vendors. This interoperability is provided by all the vendors involved following certain standards and providing interfaces that enable the system to communicate with other systems. The vast majority of the systems in use today are open. The book states that the reason an administrator can have several different operating systems on computers and they...

4.3 - System Security Architecture

Firstly, security starts at the policy level, which serves as a high-level directive that provides the foundational goals for an overall system. A security policy is a strategic tool that dictates how sensitive information and resources are managed and protected. A security policy states exactly what the security level should be once the goals of the security mechanisms are defined. The security policy also acts as a baseline for evaluating a system after it is built. Security Architecture Requirements. Trusted Computing Base: is a collection...

4.2 - Operating System Architecture

Operating system architectures have undergone changes based on industry functionality and security needs. The architecture identifies how the parts of the operating system operate with each other and the functionality that the applications require. The complexity in operating systems lies in the architectural approaches running in kernel mode. As seen below, in a monolithic architecture, all the operating system processes operate in kernel mode. In...

4.1 - Computer Architecture

Computer architecture encompasses all of the functioning parts of a computer system, including the operating system, memory chips, storage devices, input and output devices, security components, buses, and networking interfaces. The relationships and internal workings of these components can be quite complex, and making them work together in a secure fashion involves complicated methods and mechanis...

4 - Security Architecture Introduction

A majority of the compromises that organizations around the world experience are due to flaws in software. Perimeter security technology (firewalls, intrusion detection systems, etc.) makes amazing strides and is improved frequently, but the software that carries out critical processing still has a lot of vulnerabilities that are exploited on a daily bas...

3.5 - Threats to Access Control

Generally, there is a higher risk that an attacker will attempt to cause issues from within an organization than from outside it. An attacker from outside a system can enter through remote access entry points, firewalls, and even web servers. This can involve a physical break-in, social engineering attacks, and exploits via partner communication paths. Insiders have legitimate reasons for using the systems and resources; however, misuse does occur and could turn into an actual attack. The danger of insiders is that they have already...

Wednesday, October 8, 2014

3.4 - Access Control Practices

In this section, we will discuss additional measures to ensure there is no unnecessary open access, so that the environment continues at the same level of security that has been established. What this means is that good access control practices need to be implemented and maintained from the beginning. A lack of periodic updates usually causes the most vulnerabilities in an environment. These updates include: • Deny access to systems to undefined users or anonymous accounts. • Limit and monitor the usage of administrator and other powerful...

3.3 - Access Control Methods

As stated in the last post, access controls are often implemented at various layers of a system. Some of these controls act as core components of operating systems, devices, and applications. Access Control Levels: Access control consists of 3 main categories: administrative, technical, and physical. Each category has different access control mechanisms that are carried out manually or automatically. Administrative Controls: policy and procedures, personnel controls, supervisory structure, security-awareness training, testing. Physical Controls: Network...

Monday, October 6, 2014

3.2 - Access Controls Techniques & Technologies

As stated by the CISSP All-in-One Exam Guide, Access Control Models are frameworks which dictate how objects are accessed by subjects. These frameworks are enforced by using the specific control technologies and security mechanisms of the model. Discretionary Access Control (DAC): Gives the resource owner the ability to specify which subjects can access specific resources. The model is named “discretionary” because control of access is based on the owner’s discretion. (e.g. department managers as owners of the data within their can specify...

Thursday, October 2, 2014

3.1 - Access Controls & Authorization

In this section, I will be discussing Access Controls, the second domain of information security. Access Controls: When protecting assets, access controls act as the first line of defense. An example of this is the login verification of web applications, which restricts access by unauthorized users. These controls are typically administrative, physical, or technical in nature and should be applied in a layered approach, ensuring that an intruder would have to compromise more than one countermeasure to access critical assets. Security...