robchi's version from 2018-04-14 13:09

Orange Book Levels

Question Answer
A1Built, installed, and delivered in a secure manner
B1Security labels (MAC)
B2Security labels and verification of no covert channels (MAC
B3Security labels, verification of no covert channels, and must stay secure during startup (MAC)
C1Weak protection mechanisms (DAC
C2Strict login procedures (DAC)
D1Failed or was not tested

OSI Model

Question Answer
ApplicationServes as the point of integration for user applications with the network
PresentationTransforms user-friendly data into machine-friendly data; encryption
SessionEstablishes, maintains, and terminates sessions
TransportManages connection integrity; TCP, UDP, SSL, TLS
NetworkRouting packets over the network; IP, ICMP, BGP, IPsec, NAT
Data LinkFormats packets for transmission; Ethernet, ARP, MAC addresses
PhysicalEncodes data into bits for transmission over wire, fiber, or radio


Ports and Services
Question Answer
20, 21FTP
135, 137-139, 445Windows File Sharing
1433/1434SQL Server
9100HP JetDirect Printing

Common Criteria Assurance levels:

Question Answer
EAL 1Functionally tested, all the threats to security are not seen as serious.
EAL 2Structurally tested, low to moderate level of independently guaranteed security..
EAL 3Methodically tested and checked, moderate level of independently ensured security.
EAL 4Methodically designed, tested and reviewed. Developers or users require a moderate to high level of independntly ensured security.
EAL 5Semiformally designed and tested, the requirement is hight level of independently ensured security.
EAL 6Semiformally verified, designed and tested, for hight risk situations.
EAL 7Formally verified, designed and tested, for extremelly high risk situations.

Access Controls

Question Answer
LOCKSPhysical, Preventative
LocksPhysical, Preventative
ID BadgesPhysical, Preventative
Security OfficerPhysical, Preventative
Biometric ScannerPhysical, Preventative
MantrapPhysical, Preventative
Motion DetectorsPhysical, Detective
CamerasPhysical, Detective
LightsPhysical, Deterent
Fence/BarrierPhysical, Deterent
Redundant FacilitiesPhysical, Recovery
ACLsTechnical, Preventative
RoutersTechnical, Preventative
CryptographyTechnical, Preventative
HIPSTechnical, Preventative
SmartcardsTechnical, Preventative
LogsTechnical, Detective
IDS/IPSTechnical, Detective
System ImagesTechnical, Corrective
Data BackupsTechnical, Recovery
PoliciesAdministrative, Preventative
Separation of DutiesAdministrative, Preventative
Classification SystemAdministrative, Preventative
TestingAdministrative, Preventative
Employee TrainingAdministrative, Preventative
MonitoringAdministrative, Detective
Job RotationAdministrative, Detective
InvestigationsAdministrative, Detective

OSI Layers, with description (and protocols/function)

Question Answer
Application7, Software that is requesting or receiving a network communication, (Web browser email client FTP client)
Presentation6, Responsible for translating between software encoding and human readable format (doc, jpg, gif, xls, wri, etc)
Session5, Establishes a logical connection between software endpoints, (FTP 20/21, ssh 22, HTTP 80, HTTPS 443, NTP 123)
Transport4, Segments traffic for reliable or best effort transmission between hosts (TCP, UDP, SPX)
Network3, Configures packs for intra-subnet and inter-subnet communications (IPv4, IPv6, IPX)
Data Link2, Applies physical addresses to the data creating a switchable frame, (MAC addresses)
Physical1, Convert the data into the format appropriate for the associated media (Hubs, fiber optics, copper, electricity, RF)


Question Answer
AlgorithmA set of mathematical rules used to create the encryption function within a cryptosystem
CryptographyScience of secret writing
CryptosystemHardware and or software implementation of cryptography (protocols, keys, physical infrastructure, etc)
CryptanalysisThe practice of uncovering flaws in cryptosystems
CryptologyThe study of cryptography and cryptanalysis
EncipherTo apply cryptography to data (plaintext to ciphertext)
DecipherTo apply cryptography to data (ciphertext to plaintext)
KeyA sequence of bit to be used to create the instructions to control the cryptographic function through an algorithm
Key Clusteringwhen two different keys generate the same ciphertext from the same plaintext
Key Spacerange of possible values that are used to create the keys for the cryptosystem
Plaintextunencrypted text
Ciphertextencrypted plaintext


Question Answer
RSAAsymmetric, Encryption, Digital Signature, Key Distribution
ECCAsymmetric, Encryption, Digital Signature, Key Distribution
Diffie-HellmanAsymmetric, Key Distribution
DHEAsymmetric, Key Distribution
ECDHEAsymmetric, Key Distribution
El GamalAsymmetric, Encryption, Digital Signature, Key Distribution
DSAAsymmetric, Digital Signature
KnapsackAsymmetric, Encryption, Digital Signature, Key Distribution
DESSymmetric, Encryption
3DESSymmetric, Encryption
BlowfishSymmetric, Encryption
TwoFishSymmetric, Encryption
IDEASymmetric, Encryption
RC4Symmetric, Encryption
AESSymmetric, Encryption
SAFERSymmetric, Encryption
MD2Hashing, Hashing Function
MD4Hashing, Hashing Function
MD5Hashing, Hashing Function
SHA-1Hashing, Hashing Function
SHA-128Hashing, Hashing Function
SHA-256Hashing, Hashing Function
HAVALHashing, Hashing Function
RIPEMDHashing, Hashing Function
TigerHashing, Hashing Function

Symmetric Key (Single Key, Same key used for encryption and decryption, Key must be securely exchanged between sender/recipient,Fastest encryption technique)

Question Answer
DES(56-bit key) Block
3DES(168-bit key) Block
AES(128 or 256-bit key) Block
IDEA(128-bit key) Block
RC5/RC6(Variable 64 to 256-bit key) Block
RC4(40– 2048 bits) Stream

The Five Modes of DES

Question Answer
Electronic codebook (ECB ) modeleast secure, each 64-bit block is encrypted by 56-bit key
Cipher block chaining (CBC) modeeach block of unencrypted text is XORed with previous block of ciphertext before getting encrypted. First block of message XORed with IV. IV must be sent in plaintext or in ECB mode (often with same key as used in CBC mode). Note: if one block is corrupted, you can't decrypt anything after.
Cipher feedback (CFB) modeworks just like CBC, but operates against data produced in real-time (like a stream cipher but with blocks). As block-sized buffer fills, data is sent.
Output feedback (OFB) modelike CFB , but each block is decrypted and then XORed with a seed value. Seed value is created by IV, and after each block the DES algorithm is run on seed value to change it. A corrupted part of the message won't ruin the whole thing.
Counter (CTR) modelike OFB. Uses a counter that increments instead of a seed value.

Security Models

Question Answer
Bell-LaPadula model (Confidentiality)This is the first mathematical model of a multilevel security policy that defines the concept of a secure state and necessary modes of access. It ensures that information only flows in a manner that does not violate the system policy and is confidentiality focused.
Bell-LaPadula model (Confidentiality)The simple security rule - A subject cannot read data at a higher security level (no read up).
Bell-LaPadula model (Confidentiality)The " * " - property rule. A subject cannot write to an object at a lower security level (no write down). The strong star property rule: A subject can perform read and write functions only to the objects at its same security level.
Biba model (Integrity)A formal state transition model that describes a set of access control rules designed to ensure data integrity.
Biba model (Integrity)The simple integrity axiom - A subject cannot read data at a lower integrity level (no read down).
Biba model (Integrity)The " * "-integrity axiom - A subject cannot modify. An object in a higher integrity level (no write up).
Clark-Wilson model (Integrity)This integrity model is implemented to protect the integrity of data and to ensure that properly formatted transactions take place. It addresses all three goals of integrity:
Clark-Wilson model (Integrity)Subjects can access objects only through authorized programs (access triple).
Clark-Wilson model (Integrity)Separation of duties is enforced.
Clark-Wilson model (Integrity)Auditing is required.
Brewer and Nash modelThis model allows for dynamically changing access controls that protect against conflicts of interest.
Brewer and Nash modelAlso known as the Chinese Wall model.

Some Risk Analysis Equations to memorize

Question Answer
Single Loss Expectancy (SLE)is the cost of a single loss. It equals AV (Asset Value) x EF (Exposure Factor)
Annualized Loss Expectancy (ALE)is your yearly cost due to a risk. It is calculated by multiplying the Single Loss Expectancy (SLE) times the Annual Rate of Occurrence (ARO)
Return on Investment (ROI)is the amount of money saved by implementing a safeguard
Quantitative Risk Analysisuses hard metrics, such as dollars, more objective
Qualitative Risk Analysisuses simple approximate values; more subjective
RiskThreat × Vulnerability
Exposure Factor (EF) is the percentage of value an asset lost due to an incident

Cryptographic attacks (Cryptographic attacks are used by cryptanalysts to recover the plaintext without the key)

Question Answer
brute-force attackgenerates the entire keyspace, which is every possible key.
known plaintextrelies on recovering and analyzing a matching plaintext and ciphertext pair, the goal is to derive the key which was used.
chosen plaintext and adaptive chosen plaintexta cryptanalyst chooses the plaintext to be encrypted in a chosen plaintext attack; the goal is to derive the key. Adaptive chosen plaintext begins with a chosen plaintext attack in round 1. The cryptanalyst then “adapts” further rounds of encryption based on the previous round.
chosen cipher text and adaptive chosen cipher text mirror chosen plaintext attacks: the difference is that the cryptanalyst chooses the cipher text to be decrypted. This attack is usually launched against asymmetric crypto-systems, where the cryptanalyst may choose public documents to decrypt which are signed (encrypted) with a user’s public key.
meet-in-the-middle attackencrypts on one side, decrypts on the other side, and meets in the middle.
known key attackthe term is misleading, if the cryptanalyst knows the key, the attack is over. Known key means the cryptanalyst knows something about the key, to reduce the efforts used to attack it. If the cryptanalyst knows that the key is an uppercase letter and a number only, other characters may be omitted in the attack.
differential cryptanalysisseeks to find the “difference” between related plaintexts that are encrypted.
linear cryptanalysisis a known plaintext attack where the cryptanalyst finds large amounts of plaintext/ciphertext pairs created with the same key.
side-channel attacksuse physical data to break a cryptosystem, such as monitoring CPU cycles or power consumption used while encrypting or decrypting.
birthday attackis used to create hash collisions. Just as matching your birthday is difficult, finding a specific input with a hash that collides with another input is difficult. However, just like matching any birthday is easier, finding any input that creates a colliding hash with any other input is easier due to the birthday attack.
key clusteringoccurs when two symmetric keys applied to the same plaintext produce the same ciphertext. This allows two different keys to decrypt the ciphertext

Redundant array of inexpensive disks (RAID)

Question Answer
mirroringis the most obvious and basic of the fundamental RAID concepts, and is simply used to achieve full data redundancy by writing the same data to multiple hard disks.
stripingis a RAID concept that is focused on increasing the read and write performance by spreading data across multiple hard disks. With data being spread amongst multiple disk drives, reads and writes can be performed in parallel across multiple disks rather than serially on one disk.
parityis a means to achieve data redundancy without incurring the same degree of cost as that of mirroring in terms of disk usage and write performance
RAID 0Striped Set As is suggested by the title, employs striping to increase the performance of read and writes. By itself, striping offers no data redundancy so it is a poor choice if recovery of data is the reason for leveraging RAID.
RAID 1Mirrored Set This level of RAID is perhaps the simplest of all RAID levels to understand. It creates/writes an exact duplicate of all data to an additional disk. The write performance is decreased, though the read performance can see an increase.
RAID 2Hamming Code of this RAID is not considered commercially viable for hard disks and is not used. This level of RAID would require either 14 or 39 hard disks and a specially designed hardware controller, which makes this RAID incredibly cost prohibitive. is not likely to be tested.
RAID 3Striped Set with Dedicated Parity (byte level) Striping is desirable due to the performance gains associated with spreading data across multiple disks. However, striping alone is not as desirable due to the lack of redundancy. With this RAID data, at the byte level, is striped across multiple disks, but an additional disk is leveraged for storage of parity information, which is used for recovery in the event of a failure.
RAID 4Striped Set with Dedicated Parity (block level) provides the exact same configuration and functionality as that of RAID 3, but stripes data at the block, rather than byte, level.
RAID 5Striped Set with Distributed Parity One of the most popular RAID configurations is this, Striped Set with Distributed Parity. Again with this version there is a focus on striping for the performance increase it offers, and it leverages a block level striping. Like RAIDs 3 and 4, this writes parity information that is used for recovery purposes. However, unlike RAIDs 3 and 4, which require a dedicated disk for parity information, this distributes the parity information across multiple disks.
RAID 6Striped Set with Dual Distributed Parity While RAID 5 accommodates the loss of any one drive in the array, this RAID can allow for the failure of two drives and still function. This redundancy is achieved by writing the same parity information to two different disks.

XOR Table

Question Answer
0 and 00
0 and 11
1 and 01
1 and 1 0
Same numbers0
Different numbers1

Recent badges