
CISP 课程培训知识总结 (CISP Course Training Knowledge Summary)


DESCRIPTION

CISP Course Training Knowledge Summary (security overview), China Information Technology Security Evaluation Center. Topics: 1. Basic knowledge of information security assurance; 2. Information security assurance practice; 3. Information security management systems; 4. Information security risk management; 5. Basic information security management; 6. Important information security management measures; 7. Security engineering principles; 8. Security engineering practice; 9. Laws and regulations; 10. Security standards. Evolution of the discipline: communication (telegraph, telephone) gave rise to COMSEC (communications security); the computer to COMPUSEC (computer security); the network to INFOSEC (information systems security), and from there to information security assurance and cyberspace security / information assurance.

Text of the slides


Evolution of the field: COMSEC (communications security), then COMPUSEC (computer security), then INFOSEC (information security), then IA (information assurance), then CS/IA (cyberspace security / information assurance).

GB/T 20274.1-2006 (information system security assurance evaluation framework, part 1). The P2DR model: Policy, Protection, Detection, Response.

IA (information assurance) and the IATF (Information Assurance Technical Framework).


ISMS: Information Security Management System.

GB/T 22080-2008 (the Chinese adoption of ISO/IEC 27001:2005). The ISMS is run as a PDCA cycle: Plan, Do, Check, Act.


The ISO/IEC 27000 family (27000 to 27003 cover vocabulary, requirements, code of practice and implementation guidance; 27004 to 27007 cover measurement, risk management, certification bodies and auditing):

ISO/IEC 27000: overview and vocabulary
ISO/IEC 27001: ISMS requirements
ISO/IEC 27002: code of practice for information security controls
ISO/IEC 27003: ISMS implementation guidance
ISO/IEC 27004: measurement
ISO/IEC 27005: information security risk management
ISO/IEC 27006: requirements for bodies providing audit and certification of an ISMS
ISO/IEC 27007: guidelines for ISMS auditing

ISO/IEC 27001: Annex A lists the control objectives and controls; the ISMS processes follow the PDCA phases Plan (P), Do (D), Check (C) and Act (A).

ISMS process steps by PDCA phase:
Plan: P1 to P7, from defining the ISMS through to producing the Statement of Applicability (SoA).
Do: D1 to D8, implementing and operating the ISMS.
Check: C1 to C11, monitoring and reviewing the ISMS.
Act: A1 to A4, maintaining and improving the ISMS.


GB/Z 24364 (information security risk management guide).

Risk terminology: Asset; Threat Agent; Threat; Vulnerability; Countermeasure (also called safeguard or control); Likelihood (probability); Impact (loss); Risk; Residual Risk.

Risk management process per GB/Z 24364: readiness, realization, calculation, report; service levels are captured in an SLA.

GB/T 20984-2007 (information security risk assessment specification).

Risk value composition: R = R(A, T, V) = R(L(T, V), F(Ia, Va)), where A is the asset, T the threat, V the vulnerability, L(T, V) the likelihood of a security incident given the threat frequency and the vulnerability severity, and F(Ia, Va) the loss given the asset value Ia and the vulnerability severity Va.

Quantitative risk analysis:
1. Asset value (AV).
2. Single loss expectancy: SLE = AV x EF, where EF is the exposure factor, the fraction of the asset value lost in one incident.
3. Annualized rate of occurrence (ARO): the expected number of incidents per year.
4. Annualized loss expectancy: ALE = SLE x ARO.
5. Cost of the countermeasure.
6. Return on security investment: ROSI = (ALE before the countermeasure - ALE after it - annual cost of the countermeasure) / annual cost of the countermeasure.
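The qualitative composition R(L(T, V), F(Ia, Va)) and the SLE/ARO/ALE/ROSI chain above, carried through in code. This is an added example, not code from the slides: the COMBINE matrix is an assumed illustration, not a table from GB/T 20984, and the figures in worked_example() are constructed.

```python
"""Risk calculation helpers for the GB/T 20984 composition
R = R(A, T, V) = R(L(T, V), F(Ia, Va)) and the quantitative SLE/ARO/ALE/ROSI chain.
Added example; the COMBINE matrix is an assumption for illustration, not a table
from GB/T 20984 or the CISP material."""

# Three-valued scale used throughout the qualitative part: 1 = low, 2 = medium, 3 = high.
LOW, MEDIUM, HIGH = 1, 2, 3

# Assumed combination matrix, applied three times: L from (T, V), F from (Ia, Va),
# and R from (L, F). A real assessment substitutes its own calibrated tables.
COMBINE = {
    LOW:    {LOW: LOW,    MEDIUM: LOW,    HIGH: MEDIUM},
    MEDIUM: {LOW: LOW,    MEDIUM: MEDIUM, HIGH: HIGH},
    HIGH:   {LOW: MEDIUM, MEDIUM: HIGH,   HIGH: HIGH},
}


def combine(row: int, col: int) -> int:
    if row not in COMBINE or col not in COMBINE[row]:
        raise ValueError(f"ratings must be 1..3, got ({row}, {col})")
    return COMBINE[row][col]


def qualitative_risk(threat: int, vulnerability: int, asset_value: int) -> dict:
    """Evaluate R(L(T, V), F(Ia, Va)).

    threat        T : how likely the threat is to act (1..3)
    vulnerability V : severity of the weakness, used as both V and Va (1..3)
    asset_value   Ia: value of the asset (1..3)
    """
    likelihood = combine(threat, vulnerability)      # L(T, V)
    loss = combine(asset_value, vulnerability)       # F(Ia, Va)
    risk = combine(likelihood, loss)                 # R(L, F)
    return {"L": likelihood, "F": loss, "R": risk}


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV x EF; EF is the fraction of the asset value lost in one incident."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor is a fraction between 0 and 1")
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO; ARO is the expected number of incidents per year."""
    return sle * aro


def rosi(ale_before: float, ale_after: float, annual_control_cost: float) -> float:
    """Return on security investment: (ALE reduction - cost of the control) / cost."""
    if annual_control_cost <= 0:
        raise ValueError("control cost must be positive")
    return (ale_before - ale_after - annual_control_cost) / annual_control_cost


def worked_example() -> dict:
    """Constructed figures: a 100 000 unit asset, 25 % exposure, one incident every
    five years; a 2 000 unit/year control cuts the rate to one in twenty years."""
    sle = single_loss_expectancy(100_000, 0.25)          # 25 000
    ale_before = annualized_loss_expectancy(sle, 0.2)    # 5 000
    ale_after = annualized_loss_expectancy(sle, 0.05)    # 1 250
    return {
        "SLE": sle,
        "ALE_before": ale_before,
        "ALE_after": ale_after,
        "ROSI": rosi(ale_before, ale_after, 2_000),      # 0.875
        "qualitative": qualitative_risk(HIGH, MEDIUM, HIGH),
    }


if __name__ == "__main__":
    print(worked_example())
```

A ROSI of 0.875 means the control returns 87.5% more than it costs each year; a negative ROSI says the control costs more than the loss it prevents, which is the signal to accept or transfer the risk instead.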


GB/T 22081-2008 (the Chinese adoption of ISO/IEC 27002:2005): 11 security control clauses, 39 control objectives and 133 controls.


Emergency Response Plan; incident response and business continuity are measured by RPO (recovery point objective) and RTO (recovery time objective). Disaster recovery: RTO/RPO targets per GB/T 20988 (information system disaster recovery specification).


SSE-CMM

CMM: Capability Maturity Model. SSE-CMM (Systems Security Engineering CMM) has two dimensions: the capability dimension and the domain dimension. The domain dimension is organized into process areas (PA), each made up of base practices (BP): 129 BPs grouped into 22 PAs. The capability dimension consists of generic practices (GP) grouped into common features (CF), which define the process capability levels 0 to 5: 0 not performed, 1 performed informally, 2 planned and tracked, 3 well defined, 4 quantitatively controlled, 5 continuously improving.

The 22 PAs are 11 security engineering PAs and 11 project and organizational PAs:
PA01 Administer Security Controls
PA02 Assess Impact
PA03 Assess Security Risk
PA04 Assess Threat
PA05 Assess Vulnerability
PA06 Build Assurance Argument
PA07 Coordinate Security
PA08 Monitor Security Posture
PA09 Provide Security Input
PA10 Specify Security Needs
PA11 Verify and Validate Security
PA12 to PA22: project and organizational process areas (Ensure Quality, Manage Configuration, Manage Project Risk, Monitor and Control Technical Effort, Plan Technical Effort, Define and Improve the Organization's Systems Engineering Process, Manage Product Line Evolution, Manage Systems Engineering Support Environment, Provide Ongoing Skills and Knowledge, Coordinate with Suppliers).


ISSE: Information Systems Security Engineering.


Laws and regulations. PRC Criminal Law Article 285 (illegal intrusion into computer information systems), Article 286 (damaging computer information systems) and Article 287 (using a computer to commit other crimes). Law on Guarding State Secrets: in force since 1989, revised on 29 April 2010 and effective from 1 October 2010; secrecy periods are up to 30 years for top secret, 20 years for secret and 10 years for confidential information.


Chinese national standard types: GB (mandatory), GB/T (recommended), GB/Z (guiding technical document). Information security standards are developed by working groups WG1 to WG7 of the national information security standardization technical committee (TC260).

Evaluation standards: TCSEC; GB/T 18336, the Chinese adoption of the Common Criteria (CC), with its terms TOE, PP, ST and EAL; the CEM (Common Evaluation Methodology); GB/T 20274 (information system security assurance evaluation framework).

TCSEC (the Orange Book; work began in the 1970s, published in 1985): divisions A, B, C, D, ordered from lowest to highest assurance as D, C1, C2, B1, B2, B3, A1.

ITSEC: separates functionality from assurance, unlike TCSEC. Functionality classes F1 to F10, where F1 to F5 correspond to TCSEC C1 to B3 and F6 to F10 add high integrity, high availability, data integrity in transfer, confidentiality in transfer, and networks with high confidentiality and integrity demands. Assurance levels E0 to E6.

CC (Common Criteria): work started in 1993; version 1.0 in 1996; version 2.0 in 1998; adopted as ISO/IEC 15408 in 1999. It draws on ITSEC and the US Federal Criteria (FC). Key terms: TOE (Target of Evaluation), PP (Protection Profile), ST (Security Target), functional requirements, assurance requirements, component, package, EAL (Evaluation Assurance Level).

Management standards and guides: ISO 27001, ISO 27002, COBIT, ITIL; GB/T 20984 (risk assessment), GB/Z 24364 (risk management), GB/Z 20985 and GB/Z 20986 (incident management and incident classification), GB/T 20988 (disaster recovery).

Classified protection (等级保护): GB/T 22240 (grading guide) and GB/T 22239 (baseline requirements).

Regulations: State Council Decree No. 147 of 1994 (Regulations on Security Protection of Computer Information Systems). GB 17859-1999 (classified criteria for security protection of computer information systems) defines five levels: user discretionary protection, system audit protection, security label protection, structured protection, access verification protection.


Cryptography. Milestones: 1949 (Shannon's theory of secrecy systems, the start of modern cryptography); 1975 to 1976 (Diffie and Hellman, public-key cryptography).

Stream ciphers versus block ciphers. Block ciphers: DES, IDEA, RC2, RC5 (and AES). Stream ciphers: RC4, the one-time pad and the Vernam cipher; the Vigenère cipher is the classical polyalphabetic ancestor.

DES uses a 56-bit key; 3DES applies DES three times; IDEA uses a 128-bit key; AES replaced DES as the standard.

Key distribution with symmetric ciphers: N users need N(N-1)/2 pairwise keys.


Public-key cryptography: RSA, Diffie-Hellman (DH). With asymmetric keys, N users need only N key pairs. Key exchange between two parties A and B: each party's public key is used to encrypt towards the other, and each party decrypts with its own private key.


VPN. Tunneling protocols: PPTP (Point-to-Point Tunneling Protocol), L2TP (Layer 2 Tunneling Protocol), IPsec (Internet Protocol Security), SOCKS.

VPN types by use: VPDN (Virtual Private Dial Network), Intranet VPN, Extranet VPN.

VPN protocols by layer: PPTP, L2F and L2TP operate at layer 2; IPsec at layer 3; SSL above the transport layer.

VPN security depends on the tunnel protocol's authentication and encryption.

PKI: Public Key Infrastructure. The PKI/CA architecture: the CA (Certification Authority) is the trust anchor that issues and revokes certificates; PKI provides key management and certificate services to applications.

PKI components: the CA; the RA (Registration Authority), which verifies the identity of applicants on behalf of the CA and forwards approved requests to the CA for certificate issuance; certificate repositories and revocation information.


Access control: MAC (mandatory) and DAC (discretionary); implementation by ACL (Access Control Lists) or by capability lists; models: Bell-LaPadula, Biba, Clark-Wilson, Chinese Wall, RBAC. An ACL is attached to the object and lists the subjects allowed; a capability list is attached to the subject and lists the objects it may access.

History of the models: Bell-LaPadula (BLP), 1973; Biba, 1977, the integrity counterpart of BLP; Clark-Wilson, 1987, by David Clark and David Wilson; Chinese Wall, 1989, by D. Brewer and M. Nash.
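The three rule-based models named above as decision functions: BLP's no-read-up and no-write-down, Biba's no-read-down and no-write-up, and the Brewer-Nash conflict-of-interest wall. This is an added example, not code from the slides; the level names, conflict classes and company names are assumptions.

```python
"""Decision functions for the Bell-LaPadula, Biba and Chinese Wall models.
Added example: the level names, conflict classes and company names are
assumptions for illustration, not from the CISP material."""

from dataclasses import dataclass, field

# Assumed linear orderings. A real system may use a lattice of (level, categories).
CONFIDENTIALITY = {"public": 0, "internal": 1, "secret": 2, "top_secret": 3}
INTEGRITY = {"untrusted": 0, "user": 1, "system": 2}


def blp_allows(subject_clearance: str, object_label: str, mode: str) -> bool:
    """Bell-LaPadula (confidentiality).
    read : simple security property, no read up   (subject >= object)
    write: *-property, no write down              (subject <= object)"""
    s, o = CONFIDENTIALITY[subject_clearance], CONFIDENTIALITY[object_label]
    if mode == "read":
        return s >= o
    if mode == "write":
        return s <= o
    raise ValueError(f"unknown access mode {mode!r}")


def biba_allows(subject_level: str, object_level: str, mode: str) -> bool:
    """Biba (integrity), the dual of BLP.
    read : simple integrity, no read down     (subject <= object)
    write: integrity *-property, no write up  (subject >= object)"""
    s, o = INTEGRITY[subject_level], INTEGRITY[object_level]
    if mode == "read":
        return s <= o
    if mode == "write":
        return s >= o
    raise ValueError(f"unknown access mode {mode!r}")


@dataclass
class ChineseWall:
    """Brewer-Nash: once a subject has touched a company's data, it may not touch
    data of any other company in the same conflict-of-interest class."""
    conflict_class: dict                          # company -> conflict-of-interest class
    history: dict = field(default_factory=dict)   # subject -> set of companies accessed

    def allows(self, subject: str, company: str) -> bool:
        seen = self.history.get(subject, set())
        if company in seen:
            return True
        cls = self.conflict_class[company]
        return all(self.conflict_class[c] != cls for c in seen)

    def access(self, subject: str, company: str) -> bool:
        """Record the access if permitted; return whether it was permitted."""
        if not self.allows(subject, company):
            return False
        self.history.setdefault(subject, set()).add(company)
        return True


def chinese_wall_demo() -> list:
    """Constructed scenario: two banks in one conflict class and an oil company."""
    wall = ChineseWall({"BankA": "banking", "BankB": "banking", "OilCo": "oil"})
    return [wall.access("alice", "BankA"),   # True: first access
            wall.access("alice", "BankB"),   # False: conflicts with BankA
            wall.access("alice", "OilCo"),   # True: different class
            wall.access("alice", "BankA")]   # True: already held
```

Note that BLP and Biba pull in opposite directions: a subject that may read an object under BLP (clearance at or above the label) is, under Biba, exactly the subject that must not read it if the object's integrity is lower. Systems that need both either keep the two labels independent, as here, or restrict both read and write to equal levels.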


Authentication factors: what you know, what you have, what you are.

AAA (authentication, authorization, accounting) protocols: RADIUS, TACACS, TACACS+, Diameter.

P2P (peer-to-peer) network security.

The TCP/IP model compared with OSI. TCP/IP protocols: TCP, UDP, ICMP, IP, IGMP, ARP, RARP. IP is unreliable and connectionless.

TCP header: 16-bit source port, 16-bit destination port, 32-bit sequence number, 32-bit acknowledgement number, 4-bit data offset, flag bits U A P R S F (URG, ACK, PSH, RST, SYN, FIN), 16-bit window, 16-bit checksum, 16-bit urgent pointer. UDP header: 16-bit source port, 16-bit destination port, 16-bit length, 16-bit checksum; UDP adds no reliability on top of IP.
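The header layouts above, decoded field by field from raw bytes, together with a check for flag combinations that no compliant stack sends but that scanners and the DoS tools listed later on the page rely on. This is an added example, not code from the slides; the sample packets are constructed by hand.

```python
"""Decode the TCP and UDP headers described above and flag illegal TCP flag
combinations. Added example; the sample packets are constructed by hand."""

import struct

# Bit values of the flag byte, low to high: F S R P A U (the slide's U A P R S F read from the right).
TCP_FLAGS = (("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
             ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20))


def parse_tcp_header(raw: bytes) -> dict:
    """Fixed 20-byte TCP header: 16-bit ports, 32-bit seq/ack, 4-bit data offset
    (in 32-bit words), 6 flag bits, 16-bit window, checksum, urgent pointer."""
    if len(raw) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    (src, dst, seq, ack, offset_reserved, flag_byte,
     window, checksum, urgent) = struct.unpack("!HHIIBBHHH", raw[:20])
    header_len = (offset_reserved >> 4) * 4
    if header_len < 20 or header_len > len(raw):
        raise ValueError(f"bad data offset: {header_len} bytes")
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "header_len": header_len,
        "flags": [name for name, bit in TCP_FLAGS if flag_byte & bit],
        "window": window, "checksum": checksum, "urgent": urgent,
        "options": raw[20:header_len],
    }


def parse_udp_header(raw: bytes) -> dict:
    """8-byte UDP header: four 16-bit fields (ports, length, checksum)."""
    if len(raw) < 8:
        raise ValueError("UDP header needs 8 bytes")
    src, dst, length, checksum = struct.unpack("!HHHH", raw[:8])
    return {"src_port": src, "dst_port": dst, "length": length, "checksum": checksum}


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535) -> bytes:
    """Inverse of parse_tcp_header for a header without options (checksum left 0)."""
    flag_byte = sum(bit for name, bit in TCP_FLAGS if name in flags)
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                       5 << 4, flag_byte, window, 0, 0)


def classify_tcp_flags(flags) -> str:
    """Combinations a compliant stack never sends but scanners and DoS tools do."""
    s = set(flags)
    if not s:
        return "null-scan"
    if {"SYN", "FIN"} <= s:
        return "syn-fin"
    if {"FIN", "PSH", "URG"} <= s:
        return "xmas"
    if s == {"SYN"}:
        return "syn"          # first handshake packet; a flood of these is a SYN Flood
    return "normal"


# Constructed sample: SYN from port 12345 (0x3039) to port 80, seq 1, window 65535.
SAMPLE_SYN = bytes.fromhex("3039 0050 00000001 00000000 50 02 ffff 0000 0000")
# Constructed sample: UDP from port 53 to port 49152, length 16.
SAMPLE_UDP = bytes.fromhex("0035 c000 0010 0000")
```

The data offset check matters in practice: a crafted offset smaller than 5 or larger than the captured bytes is a classic way to confuse a naive parser, so a decoder used for detection should reject it rather than index past the buffer.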


Wireless LAN security: 802.11 and WEP; the weaknesses of WEP (as analysed by Walker).

WAPI (WLAN Authentication and Privacy Infrastructure), the Chinese WLAN security standard, with its authentication and privacy components. Network segmentation by IP subnet and VLAN.


Firewalls and intrusion detection. IDS types: Network IDS (NIDS) and Host IDS (HIDS). Typical deployment: the firewall sits between the Internet and the Intranet, HIDS agents run on the protected hosts, and NIDS sensors watch the network segments outside and inside the firewall.

Related products: IPS, SOC, UTM, NAC.

Linux account security: accounts in /etc/passwd, password hashes in /etc/shadow; the root account; su to switch to root; a root shell grants full control, so limit who can obtain one.

Unix file permissions and SUID/SGID. Example:

# ls -al test
drwxr-xr-x 3 root root 1024 Sep 13 11:58 test

Position 1 is the file type (d directory, - regular file, l symbolic link); positions 2 to 10 are the r, w, x permissions for owner, group and others, the 9 mode bits in 3 groups. The umask removes bits from the default permissions of newly created files. The special bits are sticky, SGID and SUID; with all three set the mode displays as rwsr-sr-t. Example of a SUID root program (the s in the owner execute slot):

-r-s--x--x 1 root root 10704 Apr 15 2002 /usr/bin/passwd
   ^ SUID

Windows boot sequence: BIOS, MBR, NTLDR (the NT boot loader), Boot.ini, Ntdetect.com, the SYSTEM hive, Ntoskrnl.exe, Smss.exe.
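The mode-string rules above, turned into a parser that converts ls -l output to chmod-style bits, applies a umask, and lists the root-owned SUID/SGID entries an auditor would check. This is an added example, not code from the slides; the listing lines are constructed samples (the first two mirror the slide's examples).

```python
"""Parse ls -l mode strings into mode bits, apply a umask and spot set-uid root
programs in a listing. Added example; the listing lines are constructed samples."""

import stat


def mode_string_to_int(mode: str) -> int:
    """Convert the 10-character mode field (type + owner/group/other rwx) to bits.
    In an execute slot: x = execute; s/t = execute plus SUID, SGID or sticky;
    S/T = the special bit without the execute bit."""
    if len(mode) != 10:
        raise ValueError(f"expected 10 characters, got {mode!r}")
    bits = 0
    for i, ch in enumerate(mode[1:]):          # skip the file-type character
        if ch == "-":
            continue
        value = 1 << (8 - i)                   # 0o400 for owner r ... 0o1 for other x
        slot = i % 3                           # 0 = r, 1 = w, 2 = x
        if slot < 2:
            if ch != "rw"[slot]:
                raise ValueError(f"unexpected {ch!r} at position {i + 1}")
            bits |= value
            continue
        if ch in "xst":
            bits |= value
        if ch in "sS" and i == 2:
            bits |= stat.S_ISUID
        elif ch in "sS" and i == 5:
            bits |= stat.S_ISGID
        elif ch in "tT" and i == 8:
            bits |= stat.S_ISVTX
        elif ch != "x":
            raise ValueError(f"unexpected {ch!r} at position {i + 1}")
    return bits


def octal(bits: int) -> str:
    """Render as chmod-style octal, e.g. 4511 for -r-s--x--x."""
    return format(bits, "04o")


def apply_umask(requested: int, umask: int) -> int:
    """Permissions a new file actually gets: requested & ~umask (creat(2) semantics)."""
    return requested & ~umask & 0o7777


def parse_ls_line(line: str) -> tuple:
    """Split a long-format ls line into (mode bits, owner, name)."""
    fields = line.split(None, 8)   # mode links owner group size month day time-or-year name
    if len(fields) != 9:
        raise ValueError(f"not a long-format ls line: {line!r}")
    return mode_string_to_int(fields[0]), fields[2], fields[8]


def find_setuid_root(listing) -> list:
    """Names of root-owned entries with SUID or SGID set: the ones to audit."""
    hits = []
    for line in listing:
        bits, owner, name = parse_ls_line(line)
        if owner == "root" and bits & (stat.S_ISUID | stat.S_ISGID):
            hits.append(name)
    return hits


# Constructed sample listing (the first two lines mirror the slide's examples).
SAMPLE_LISTING = [
    "drwxr-xr-x 3 root root 1024 Sep 13 11:58 test",
    "-r-s--x--x 1 root root 10704 Apr 15 2002 /usr/bin/passwd",
    "-rwxr-xr-x 1 root root 55000 Apr 15 2002 /bin/ls",
    "-rwsr-sr-t 1 root root 12000 Apr 15 2002 /tmp/suspicious",
]
```

On a real host the same check is `find / -perm -4000 -user root`; the parser is useful when all you have is saved ls output from an incident. An entry like the constructed /tmp/suspicious, a SUID root binary in a world-writable directory, is the kind of finding the check exists for.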

Windows security. Accounts and password hashes are stored in the SAM database. File access is governed by ACLs; Windows File Protection (WFP) guards system files; EFS (Encrypting File System) encrypts files on NTFS.

DLLs as an attack surface (search order and injection).

Services to harden: DNS, IIS, FTP.

Windows 2000/XP/2003 default administrative shares: the drive shares (C$ and so on), the WINNT system directory share and ADMIN$; remove or restrict them. EFS protects file contents; syskey protects the SAM database.

Database security. SQL statement classes: DDL (CREATE, DROP, ALTER); DML (SELECT, INSERT, UPDATE, DELETE); DCL (GRANT, REVOKE, DENY); transaction control (BEGIN, COMMIT, ROLLBACK); cursor and prepared-statement operations (DECLARE, EXPLAIN, OPEN, FETCH, CLOSE, PREPARE, EXECUTE, DESCRIBE).

Views as a security mechanism, restricting which rows and columns a user sees:

create view name [(column [, column] ...)] as select-statement [with check option] [CONSTRAINT constraint]

Integrity constraints: PRIMARY KEY, FOREIGN KEY. Transactions: Begin Transaction ... End Transaction.

Web security: HTTP and web servers, for example IIS.


FTP security: FTP transmits credentials and data in clear, so tunnel it over a VPN or replace it. The FTP protocol is specified in [PR85] (RFC 959); its separate control and data connections complicate firewalling.


Malware startup and persistence points: Autoexec.bat, Config.sys, win.ini, system.ini, and IE settings.

Techniques: DLL injection and API hooking.


Vulnerability information sources: CVE (Common Vulnerabilities and Exposures), NVD, Secunia, SecurityFocus Bugtraq, IBM ISS X-Force, and CNNVD (China National Vulnerability Database of Information Security).

Dynamic taint analysis: data entering from an untrusted source is marked as tainted; the taint propagates through computation, so if x is tainted and y = t(x) for some operation t, then y is tainted; an alert is raised when tainted data reaches a taint sink, a security-sensitive operation such as a query or a command.
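The propagation rule above as a small runtime taint tracker: a str subclass that carries its sources through concatenation, slicing and the common string methods, a sink that refuses tainted input, and a sanitizer that drops the taint on purpose. This is an added example, not code from the slides; the source label "GET:id" and the SQL sink are illustrative names, and fstring_blind_spot() shows what happens when an operation is not instrumented.

```python
"""A toy dynamic taint tracker: values from untrusted sources carry a taint set,
string operations propagate it, and a taint sink refuses tainted input. Added
example; the 'GET:id' source label and the SQL sink are illustrative names."""


class TaintError(Exception):
    pass


def taint_of(value) -> frozenset:
    """Taint carried by a value (empty for ordinary, untainted Python objects)."""
    return value.sources if isinstance(value, Tainted) else frozenset()


def is_tainted(value) -> bool:
    return bool(taint_of(value))


class Tainted(str):
    """A str that remembers its sources. Every overridden operation is a t(x) in the
    rule 'if x is tainted and y = t(x), then y is tainted'."""

    def __new__(cls, value, sources=()):
        obj = super().__new__(cls, value)
        obj.sources = frozenset(sources) | taint_of(value)
        return obj

    def __add__(self, other):                         # tainted + anything
        return Tainted(str.__add__(self, other), self.sources | taint_of(other))

    def __radd__(self, other):                        # anything + tainted
        return Tainted(str.__add__(other, self), self.sources | taint_of(other))

    def __getitem__(self, key):                       # slicing keeps the taint
        return Tainted(str.__getitem__(self, key), self.sources)

    def upper(self):
        return Tainted(str.upper(self), self.sources)

    def strip(self, chars=None):
        return Tainted(str.strip(self, chars), self.sources)

    def replace(self, old, new, count=-1):
        return Tainted(str.replace(self, old, new, count), self.sources | taint_of(new))


def sql_sink(query) -> str:
    """Taint sink: the query must not contain any bytes that came from a source."""
    if is_tainted(query):
        raise TaintError(f"tainted data from {sorted(taint_of(query))} reached the SQL sink")
    return "executed: " + str(query)


def sink_rejects(query) -> bool:
    try:
        sql_sink(query)
        return False
    except TaintError:
        return True


def sanitize_int(value) -> str:
    """Sanitizer: parsing as an integer proves the content is a number; the result
    is a plain str, so the taint is dropped deliberately, not lost by accident."""
    return str(int(str(value)))


def build_query(id_param) -> str:
    """The showdetail.asp pattern: the request parameter is concatenated into SQL."""
    return "SELECT * FROM product WHERE id = " + id_param


def run_request(id_value: str) -> str:
    """Model one request whose id arrives from the (assumed) GET parameter 'id'."""
    tainted = Tainted(id_value, {"GET:id"})
    try:
        clean = sanitize_int(tainted)
    except ValueError:
        return "rejected: id is not an integer"
    return sql_sink(build_query(clean))


def fstring_blind_spot(value) -> bool:
    """Formatting builds a new plain str, so this path is NOT covered by the tracker:
    a taint engine must instrument every propagation operation or it under-reports."""
    return is_tainted(f"id = {value}")
```

The blind spot is the real lesson: a tracker is only as complete as the set of operations it instruments, which is why production engines work at the interpreter or binary level rather than by subclassing.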


Network attacks. Spoofing: IP spoofing, DNS spoofing, ARP spoofing, TCP session hijacking.

Denial of service: SYN Flood, UDP Flood, Teardrop, LAND, Smurf.


SQL injection: a request parameter is concatenated into the query text, so the attacker supplies SQL in the parameter. Example request:

http://www.test.com/showdetail.asp?id=49 And (Select top 1 table_name from user.tables);--

which the application turns into a query of the form

Select * from ... where ... = 49 And (update user set passwd=123 where username=admin);
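The injection above replayed against an in-memory SQLite database, with the concatenating lookup beside its parameterised replacement and the slide's stacked UPDATE attempted through both. This is an added example, not code from the slides; the schema, rows and payloads are constructed, and SQLite stands in for the SQL Server behind showdetail.asp.

```python
"""The showdetail.asp injection, replayed against an in-memory SQLite database:
the concatenating lookup beside its parameterised replacement. Added example;
the schema, rows and payloads are constructed."""

import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample schema: products looked up by id, plus the user table
    that the injected UPDATE on the slide targets."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE product (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO product VALUES (49, 'router'), (50, 'switch'), (51, 'firewall');
        CREATE TABLE user (username TEXT PRIMARY KEY, passwd TEXT);
        INSERT INTO user VALUES ('admin', 's3cret');
    """)
    return conn


def lookup_vulnerable(conn, id_param: str) -> list:
    """showdetail.asp style: the query-string value becomes part of the SQL text."""
    sql = "SELECT id, name FROM product WHERE id = " + id_param
    return conn.execute(sql).fetchall()


def lookup_safe(conn, id_param: str) -> list:
    """Validate the type, then bind with a placeholder so the value is data, not SQL."""
    try:
        product_id = int(id_param)
    except ValueError:
        return []
    return conn.execute("SELECT id, name FROM product WHERE id = ?", (product_id,)).fetchall()


def admin_password_after_stacked_attempt(conn) -> str:
    """Replays the slide's stacked UPDATE through the vulnerable function. sqlite3's
    execute() runs only one statement, so here the attempt fails; a database API
    that accepts batches (the ASP/SQL Server case on the slide) would run the UPDATE."""
    payload = "49; UPDATE user SET passwd = '123' WHERE username = 'admin'"
    try:
        lookup_vulnerable(conn, payload)
    except (sqlite3.Error, sqlite3.Warning):
        pass
    return conn.execute("SELECT passwd FROM user WHERE username = 'admin'").fetchone()[0]


# The slide's 'select table_name from user.tables' probe, rewritten for SQLite's catalog.
TABLE_ENUM_PAYLOAD = "0 UNION SELECT 1, name FROM sqlite_master WHERE type = 'table'"
```

Two things to take from the run: the boolean payload "49 OR 1=1" returns every product and the UNION payload returns table names through the vulnerable function, while the parameterised function returns nothing for either; and the stacked-query defence here comes from the driver refusing batches, which is incidental, so the placeholder, not the driver, is what to rely on.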

Security Development Lifecycle (SDL): security activities integrated into each phase of development, including attack surface reduction (ASR) and threat modeling.

Certification tracks: CISP, with the CISE (engineer) and CISO (officer) specializations; the exam is weighted across the ten topic areas listed at the top.


http://www.cisphome.cn

PKI services and the security properties they provide:

Confidentiality: provided (encryption)
Integrity: provided (digital signatures; time stamping)
Availability: N/A
Authentication: provided
Non-repudiation: provided
Authorization and access control: N/A
