The Official (ISC)2 Guide to the SSCP CBK, 4th Edition

Content: Foreword xvii    Introduction xix     DOMAIN 1: ACCESS CONTROLS 1     Objectives 3     Access Control Concepts 3     Applying Logical Access Control in Terms of Subjects 4     Applying Logical Access Control in Terms of Objects or Object Groups 9     Implementing Access Controls 11     Discretionary Access Control 11     Role-Based Access Controls 14     Nondiscretionary Access Control 21     Mandatory Access Control 21     Attribute-Based Access Control 22     Security Architecture and Models 23     Bell   LaPadula Confidentiality Model 23     Biba and Clark   Wilson Integrity Models 24     Additional Models 26     Implementing Authentication Mechanisms   Identification, Authentication, Authorization, and Accountability 27     Identification (Who Is the Subject?) 27     Authentication (Proof of Identity) 29     Authorization 51     Authentication Using Kerberos 55     User/Device Authentication Policies 58     Comparing Internetwork Trust Architectures 59     Internet 59     Intranet 60     Extranet 60     Demilitarized Zone (DMZ) 60     Trust Direction 61     One-Way Trust 62     Two-Way Trust 62     Trust Transitivity 62     Administering the Identity Management Lifecycle 62     Authorization 62     Proofing 63     Provisioning 63     Maintenance 63     Entitlement 63     Summary 63     Sample Questions 64     Notes 67     DOMAIN 2: SECURITY OPERATIONS 71     Objectives 73     Code of Ethics 74     Code of Ethics Preamble 74     Code of Ethics Canons 75     Applying a Code of Ethics to Security Practitioners 76     Security Program Objectives: The C-I-A Triad and Beyond 77     Confidentiality 77     Integrity 78     Availability 79     Non-Repudiation 80     Privacy 80     Security Best Practices 82     Designing a Security Architecture 82     Secure Development and Acquisition Lifecycles 95     System Vulnerabilities, Secure Development, and Acquisition Practices 101     Hardware/Software 104     Data 106     Disclosure Controls: Data Leakage Prevention 118     Technical Controls 119     Operational Controls 121     Managerial Controls 121     Implementation and Release Management 130     Systems Assurance and Controls Validation 132     Change Control and Management 132     Configuration Management 135     Security Impact Assessment 139     System Architecture/Interoperability of Systems 139     Patch Management 140     Monitoring System Integrity 142     Security Awareness and Training 142     Interior Intrusion Detection Systems 146     Building and Inside Security 152     Securing Communications and Server Rooms 166     Restricted and Work Area Security 169     Data Center Security 170     Summary 177     Sample Questions 178     Notes 181     DOMAIN 3: RISK IDENTIFICATION, MONITORING, AND ANALYSIS 185     Objectives 187     Introduction to Risk Management 187     Risk Management Concepts 187     Security Auditing Overview 203     Responding to an Audit 208     Exit Interview 208     Presentation of Audit Findings 208     Management Response 208     Security Assessment Activities 209     Vulnerability Scanning and Analysis 209     Penetration Testing 224     Operating and Maintaining Monitoring Systems 239     Security Monitoring Concepts 239     Attackers 245     Intrusions 246     Events 247     Types of Monitoring 247     Log Files 249     Source Systems 257     Security Analytics, Metrics, and Trends 258     Visualization 260     Event Data Analysis 261     Communication of Findings 266     Going Hands-on   Risk Identification Exercise 266     Virtual Testing Environment 267     Creating the Environment 268     Summary 279     Sample Questions 280     Notes 283     DOMAIN 4: INCIDENT RESPONSE AND RECOVERY 285     Objectives 287     Incident Handling 287     Preparation 289     Detection and Analysis 296     Containment, Eradication, and Recovery 306     Post-Incident Activity 308     Recovery and Business Continuity 319     Business Continuity Planning 319     Disaster Recovery Planning 326     Plan Testing 330     Plan Review and Maintenance 333     Summary 340     Sample Questions 341     Notes 344     DOMAIN 5: CRYPTOGRAPHY 345     Objectives 346     Encryption Concepts 347     Key Concepts and Definitions 347     Foundational Concepts 350     Evaluation of Algorithms 355     Hashing 356     Encryption and Decryption 361     Symmetric Cryptography 361     Asymmetric Cryptography 376     Hybrid Cryptography 381     Message Digests 382     Message Authentication Code 382     HMAC 383     Digital Signatures 383     Non-Repudiation 384     Methods of Cryptanalytic Attack 385     Data Sensitivity and Regulatory Requirements 390     Legislative and Regulatory Compliance 390     End-User Training 394     Public Key Infrastructure (PKI) 395     Fundamental Key Management Concepts 397     Management and Distribution of Keys 404     Secure Protocols 413     Going Hands-on with Cryptography   Cryptography Exercise 417     Requirements 417     Setup 418     Key Exchange and Sending Secure E-mail 431     Conclusion 439     Summary 439     Sample Questions 440     End Notes 443     DOMAIN 6: NETWORKS AND COMMUNICATIONS SECURITY 447     Objectives 449     Security Issues Related to Networks 449     OSI and TCP/IP Models 450     IP Networking 460     Network Topographies and Relationships 467     Commonly Used Ports and Protocols 477     Telecommunications Technologies 496     Converged Communications 496     VoIP 499     POTS and PBX 500     Cellular 501     Attacks and Countermeasures 501     Control Network Access 503     Hardware 507     Wired Transmission Media 509     Endpoint Security 513     Voice Technologies 513     Multimedia Collaboration 515     Open Protocols, Applications, and Services 516     Remote Access 517     Data Communication 522     LAN-Based Security 522     Separation of Data Plane and Control Plane 522     Segmentation 523     Media Access Control Security (IEEE 802.1AE) 526     Secure Device Management 527     Network-Based Security Devices 530     Network Security Objectives and Attack Modes 531     Firewalls and Proxies 534     Network Intrusion Detection/Prevention Systems 537     IP Fragmentation Attacks and Crafted Packets 544     DoS/DDoS 547     Spoofing 551     Wireless Technologies 555     Wireless Technologies, Networks, and Methodologies 555     Transmission Security and Common Vulnerabilities and Countermeasures 558     Summary 563     Sample Questions 564     End Notes 568     DOMAIN 7: SYSTEMS AND APPLICATION SECURITY 577     Objectives 580     Identifying and Analyzing Malicious Code and Activity 580     CIA Triad: Applicability to Malcode 581     Malcode Naming Conventions and Types 582     Malicious Code Countermeasures 598     Vectors of Infection 611     Malicious Activity 614     How to Do It for Yourself: Using the Social Engineer Toolkit (SET) 615     Long File Extensions 619     Double File Extensions 619     Fake Related Extension 622     Fake Icons 623     Password-Protected ZIP Files/RAR 624     Hostile Codecs 624     E-mail 624     Insider Human Threats 626     Insider Hardware and Software Threats 628     Spoofing, Phishing, Spam, and Botnets 630     Spoofing 630     Phishing 631     Spam 633     Botnets 635     Malicious Web Activity 638     Cross-Site Scripting (XSS) Attacks 639     Zero-Day Exploits and Advanced Persistent Threats (APTs) 639     Brute-Force Attacks 641     Instant Messaging 643     Peer-to-Peer Networks 643     Internet Relay Chat 644     Rogue Products and Search Engines 645     Infected Factory Builds and Media 645     Web Exploitation Frameworks 645     Payloads 646     Backdoor Trojans 646     Man-in-the-Middle Malcode 647     Identifying Infections 649     Malicious Activity Countermeasures 652     Third-Party Certifi cations 655     The Wildlist 656     Questionable Behavior on a Computer 656     Inspection of Processes 658     Inspection of the Windows Registry 659     How to Do It for Yourself: Installing Strawberry Perl in Windows 7 or Windows 8 659     Inspection of Common File Locations 661     Behavioral Analysis of Malcode 666     Static File Analysis 669     Testing Remote Websites Found in Network Log Files 677     Testing of Samples in Virtualized Environments 683     Free Online Sandbox Solutions 686     Interactive Behavioral Testing 687     Malcode Mitigation 687     Strategic 687     Tactical 689     Implementing and Operating End-Point Device Security 691     Host-Based Intrusion Detection System 691     Host-Based Firewalls 692     Application Whitelisting 692     Endpoint Encryption 693     Trusted Platform Module 693     Mobile Device Management 694     Secure Browsing 695     Operating and Confi guring Cloud Security 696     The Five Essential Characteristics of Clouds 696     Deployment Models 697     Service Models 699     Virtualization 702     Legal and Privacy Concerns 704     Classifi cation of Discovered Sensitive Data 709     Mapping and Defi nition of Controls 710     Application of Defined Controls for Personally Identifiable Information (PII) 711     Data Storage and Transmission 712     Threats to Storage Types 716     Technologies Available to Address Threats 716     DLP 716     Encryption 719     Sample Use Cases for Encryption 720     Cloud Encryption Challenges 720     Encryption Architecture 722     Data Encryption in IaaS 722     Key Management 724     Encryption Alternatives and Other Data Protection Technologies 726     Data Masking/Data Obfuscation 726     Data Anonymization 727     Tokenization 728     Third-Party/Outsourcing Implications 729     Data Retention Policies 729     Data Deletion Procedures and Mechanisms 730     Data Archiving Procedures and Mechanisms 731     Event Sources 732     Data Event Logging and Event Attributes 735     Storage and Analysis of Data Events 736     Securing Big Data Systems 738     Operating and Securing Virtual Environments 740     Software-Defined Network (SDN) 741     Virtual Appliances 741     Continuity and Resilience 742     Attacks and Countermeasures 743     Security Virtualization Best Practices 744     Summary 750     Sample Questions 750     End Notes 757     APPENDIX A: ANSWERS TO SAMPLE QUESTIONS 769     Domain 1: Access Controls 770     Domain 2: Security Operations 777     Domain 3: Risk, Identification, Monitoring, and Analysis 785     Domain 4: Incident Response and Recovery 793     Domain 5: Cryptography 798     Domain 6: Networks and Communications Security 805     Domain 7: Systems and Application Security 814     APPENDIX B: DNSSEC WALKTHROUGH 831     Hardware and Software Requirements 832     Configuring the Test Lab 832     Configuring DC1 832     Creating a Domain Administrator Account 834     Configuring the sec.isc2.com DNS Zone 834     Enabling Remote Desktop on DC1 835     Configuring DNS1 835     Installing the OS and Configuring TCP/IP on DC1 836     Installing and Configuring DNS on DNS1 836     Signing a Zone on DC1 and Distributing     Trust Anchors 837     Distributing a Trust Anchor to DNS1 838     Verifying Trust Anchors 838     Querying a Signed Zone with DNSSEC Validation Required 838     Unsigning the Zone 839     Resigning the Zone with Custom Parameters 840     APPENDIX C: GLOSSARY OF TERMS RELATED TO THE SSCP 841     Index 873