
Supplement V1.2


1. These slides are for educational purposes only. Please leave a comment if there is any copyright infringement; I will delete it immediately. Thank you.

2. (no recoverable text)
3. Qualitative Risk Analysis Example (TANet)
4. FMEA Output: RPN = SEV x PF x DET (RPN: Risk Priority Number; SEV: Severity; PF: Probability Factor; DET: Detection Effectiveness)
5. Fault Tree Analysis
6. I. Risk Assessment in NIST SP 800-30 (source: NIST SP 800-30)
7. I. Risk Assessment in NIST SP 800-30 (cont.) (source: NIST SP 800-30)
8. Risk Management (diagram): Risk Assessment covers Risk Identification (Threats, Vulnerabilities), Risk Analysis (Quantitative Analysis; Qualitative Analysis: FMEA, FTA, OCTAVE) and Risk Evaluation (Likelihood, Impact); Risk Mitigation covers Acceptance, Reduction, Transference and Avoidance.
9. Access Control
10. Access Control Conceptual Diagram (2007/6/8): Identification: "Identify yourself"; Authentication: "Prove it (I need to verify you)"; Authorization: "Do what I tell you to do"; Accountability: "Anything you do will be logged".
11. TACACS+ and RADIUS Comparison
   Transport: TACACS+ uses TCP (reliable; more overhead); RADIUS uses UDP (unreliable; higher performance).
   Authentication and authorization: TACACS+ can separate them (more flexible); RADIUS combines them.
   Multiprotocol support: TACACS+ supported (IP, Apple, NetBIOS, Novell, X.25); RADIUS IP only.
   Access to router CLI commands: TACACS+ supports two methods to control the authorization of router commands on a per-user or per-group basis; RADIUS not supported.
   Encryption: TACACS+ encrypts the packet payload; RADIUS encrypts passwords only.
12. RADIUS and Diameter Comparison
   Transport protocol: RADIUS connectionless (UDP 1812); Diameter connection-oriented (TCP, SCTP, 3868).
   Transport security: RADIUS optional IPsec; Diameter requires IPsec or Transport Layer Security (TLS).
   Architecture: RADIUS client-server model; Diameter peer-to-peer model.
   State: RADIUS stateless; Diameter stateful (session ID, transaction status).
   Authentication: RADIUS pre-shared key; PAP, CHAP, EAP; only client-to-server re-authentication. Diameter pre-shared key or digital certificate; PAP, CHAP, EAP; mutual re-authentication.
   Authorization: RADIUS bound to re-authentication; Diameter re-authorization at any time.
   Accounting: both real-time accounting.
   Confidentiality: RADIUS encrypts only the password; Diameter encrypts all data, or the IP header as well (IPsec).
   Integrity: RADIUS poor; Diameter good.
   Scalability: RADIUS poor; Diameter good.
   Extensibility: RADIUS vendor-specific; Diameter public use.
   Security model: RADIUS supports only hop-by-hop security, so every hop can modify information in a way that cannot be traced to its origin; Diameter supports end-to-end and hop-by-hop security, and end-to-end security guarantees that information cannot be modified without notice.
13. XACML Policy Sample (SampleServer)
14. SPML Scenario
15. Cryptography
16. 2DES Meet-in-the-Middle Attack: if the DES1-encrypted output of the known plaintext equals the DES2-decrypted output of the known ciphertext, then key1 and key2 are cracked. Source:
17. Keyed Hash (HMAC). Source:
18. Algebraic Cryptanalysis
19. Null Cipher (the first letter of each line spells the hidden message ADELAIDE PAINE):
   Are you deaf, Father William! the young man said,
   Did you hear what I told you just now?
   Excuse me for shouting! Don't waggle your head
   Like a blundering, sleepy old cow!
   A little maid dwelling in Wallington Town,
   Is my friend, so I beg to remark:
   Do you think she'd be pleased if a book were sent down
   Entitled "The Hunt of the Snark?"
   Pack it up in brown paper! the old man cried,
   And seal it with olive-and-dove.
   I command you to do it! he added with pride,
   Nor forget, my good fellow, to send her beside
   Easter Greetings, and give her my love.
20. Diffie-Hellman Key Agreement Operation
21. Diffie-Hellman Key Agreement Operation
22. Security Architecture and Design
23. Zachman Framework (source: An Overview of Enterprise Architecture Framework Deliverables, by Frank Goethals)
24. DoDAF Framework (source: Enterprise Architecture A-to-Z)
25. EAL Stats
26. Common Criteria Flow
   Protection Profile: an implementation-independent statement of security needs for a TOE type; describes a category of product (i.e., firewalls).
   Target of Evaluation (TOE): a set of software, firmware and/or hardware, possibly accompanied by guidance; a specific product (i.e., Cisco PIX 5xx).
   Security Target: an implementation-dependent statement of security needs for a specific identified TOE; the vendor's claims about specifications and features.
   Requirements: Functional Requirements; Assurance Requirements.
27. Implementation of Evaluated Products
   Evaluation: test plan based on stated requirements.
   EAL Levels: 1 Functionally Tested; 2 Structurally Tested; 3 Methodically Tested; 4 Methodically Designed, Tested, Reviewed; 5 Semiformal testing; 6 Semiformal verification; 7 Formal verification and testing.
   Certification: based on the production environment.
   Accreditation.
28. Storage Systems
29. Application Security
30. KDD Process
31. Neural Network
32. Expert
33. Waterfall Method
34. Spiral Method
35. Iterative Method (Wikipedia)
36. Inheritance: parent class Animal with virtual function Talk(); child classes Cat and Dog, each with its own function Talk("").
37. Polymorphism (the slide's pseudocode, written out as C++; the sound strings were not captured from the slide):

    #include <iostream>

    // Base class: Talk() is virtual, so the call is bound at run time (late binding)
    class Animal {
    public:
        virtual void Talk() { }
        virtual ~Animal() { }
    };

    // Each child class overrides Talk() with its own sound
    class Dog : public Animal {
    public:
        void Talk() override { std::cout << "" << std::endl; }   // dog's sound (string not captured)
    };

    class Cat : public Animal {
    public:
        void Talk() override { std::cout << "" << std::endl; }   // cat's sound (string not captured)
    };

    // Accepts any Animal; which Talk() runs depends on the object's actual type
    void AnimalTalk(Animal& objSomeAnimal)
    {
        objSomeAnimal.Talk();   // polymorphism: late binding
    }

    int main()
    {
        Animal* objCat = new Cat;
        Animal* objDog = new Dog;
        // Without polymorphism: call Talk() directly on each object
        objCat->Talk();   // cat's sound
        objDog->Talk();   // dog's sound
        // With polymorphism: one function handles both through the base type
        AnimalTalk(*objCat);   // cat's sound
        AnimalTalk(*objDog);   // dog's sound
        delete objCat;
        delete objDog;
        return 0;
    }

   AnimalTalk accepts any Animal (objSomeAnimal); whether Cat's or Dog's Talk() runs is decided at run time.
38. 2-phase commit
39. LRCI
40. EnCase File System
41. EnCase Timeline
42. (no recoverable text)
43. Telecommunication and Network Security
44. Attack Tree
45. Honeynet
46. Partial Mesh as HA
47. Link Layer Encryption vs. End-to-end Encryption
48. ISDN Application
49. MPLS
50. IPSec Mode - Concise
51. PPTP and L2TP Data Format
52. Smurf
53. FDDI Dual Counter-Rotating Ring
54. Routing Protocols (source: Cisco Certified Network Associate Study Guide)
   RIPv1: RFC 1058; hop limit 15; classless: No; authentication: None; Interior; small networks; distance vector.
   RIPv2: RFC 2453; hop limit 15; classless: Yes; authentication: Password, MD5; Interior; small to medium networks; distance vector.
   IGRP: Cisco; hop limit 255; classless: No; authentication: None; Interior; small networks; distance vector.
   EIGRP: Cisco; hop limit 255; classless: Yes; authentication: Password, MD5; Interior; large networks; hybrid.
   OSPF: RFC 2328; hop limit none; classless: Yes; authentication: Password, MD5; Interior; large, heterogeneous networks; link-state.
   IS-IS: ISO 10589; classless: Yes; authentication: Password; Interior; large networks; link-state.
   EGP: Exterior; AS-AS; distance vector.
   BGP: RFC 1771; CIDR; authentication: MD5; Exterior; AS-AS; distance vector.
55. Subnetting vs. supernetting: one Class C network vs. 8 contiguous Class C networks.
56. VPN Site to Site
57. NetBIOS
58. War Dialer - PhoneSweep
59. Finger
60. IPP in IIS
61. LPR in XP
62. Tapping Fiber Optics
63. SAN
64. Transmission Technology
65. BCP
66. BIA: Process Owner, Impact, Business Activity, Geographic Extent, Timescale, MTPD, RPO.
67. 4.1 INCIDENT RESPONSE STRUCTURE
68. RTO < MTPD (MTD)
69. Trailer
70. Scope
71. BCM is a Balancing Act (cont.): chart of Cost/Loss against Time; the recovery-strategy cost curve (high cost) and the disruption loss curve (high loss) meet at the Optimal Point, and further out lies the Lose Business point.
72. Physical Security
73. OS
74. Heat and cool air
75. Data loss on transportation
76. Source: IBM X-Force report 2008
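The meet-in-the-middle idea from the 2DES slide (slide 16), worked through as an added example that is not part of the slides. It uses a deliberately tiny constructed toy cipher with 8-bit keys in place of DES (real DES has 56-bit keys and 64-bit blocks); the toy cipher, the secret keys and the known plaintexts are all constructed for the illustration. The point it shows is the one the slide states: because the attacker can compute the first encryption forward and the second decryption backward and look for a match in the middle, double encryption costs roughly two single-key searches rather than the product of the two key spaces.

```python
# Added example (not from the slides): meet-in-the-middle against double
# encryption with a constructed toy cipher. The 8-bit key size, the toy
# cipher itself and the sample plaintexts below are constructed for this
# illustration; real DES uses 56-bit keys and 64-bit blocks.

KEY_BITS = 8
MASK = 0xFF


def _rotl(x: int, r: int) -> int:
    """Rotate an 8-bit value left by r bits (r in 0..7)."""
    return ((x << r) | (x >> (8 - r))) & MASK


def _rotr(x: int, r: int) -> int:
    """Rotate an 8-bit value right by r bits (r in 0..7)."""
    return ((x >> r) | (x << (8 - r))) & MASK


def toy_encrypt(key: int, block: int) -> int:
    """Constructed invertible 8-bit block cipher: XOR, add, rotate."""
    return _rotl(((block ^ key) + key) & MASK, key & 7)


def toy_decrypt(key: int, block: int) -> int:
    """Exact inverse of toy_encrypt."""
    return ((_rotr(block, key & 7) - key) & MASK) ^ key


def double_encrypt(k1: int, k2: int, block: int) -> int:
    """Two encryptions under independent keys, the 2DES construction."""
    return toy_encrypt(k2, toy_encrypt(k1, block))


def meet_in_the_middle(pairs):
    """Recover (k1, k2) candidates from known plaintext/ciphertext pairs.

    Phase 1: encrypt the first plaintext under every k1 and index the result.
    Phase 2: decrypt the first ciphertext under every k2; a value present in
    the index means k1 and k2 "meet in the middle". The remaining pairs
    filter coincidental matches. Returns (candidates, cipher_operations).
    """
    (p0, c0), *rest = pairs
    middle = {}
    ops = 0
    for k1 in range(1 << KEY_BITS):
        middle.setdefault(toy_encrypt(k1, p0), []).append(k1)
        ops += 1
    candidates = []
    for k2 in range(1 << KEY_BITS):
        m = toy_decrypt(k2, c0)
        ops += 1
        for k1 in middle.get(m, ()):
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                candidates.append((k1, k2))
    return candidates, ops


def demo():
    """Run the search against constructed keys; returns (found, ops, brute)."""
    k1, k2 = 0x3C, 0xA7              # secret keys (constructed)
    plaintexts = [0x11, 0x5E, 0xC3]  # known plaintexts (constructed)
    pairs = [(p, double_encrypt(k1, k2, p)) for p in plaintexts]
    candidates, ops = meet_in_the_middle(pairs)
    brute_force = 1 << (2 * KEY_BITS)   # trying every (k1, k2) pair instead
    return (k1, k2) in candidates, ops, brute_force


if __name__ == "__main__":
    found, ops, brute = demo()
    print(f"true key pair recovered: {found}")
    print(f"cipher operations: {ops} (meet-in-the-middle) vs {brute} (brute force)")
```

The first known pair drives the search; the extra pairs only discard key pairs that happen to meet in the middle by coincidence, which is why a real attack of this kind needs more than one known plaintext. The trade-off the slide does not spell out is memory: the table built in phase 1 holds one entry per first-stage key, which for a real 56-bit cipher is the practical obstacle.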