@duongkai
Last active July 30, 2018 05:57
CISSP lectures note

Day 2

Chapter 2. Asset

Change management

  • Change Management

    • Create Change Request
    • Submit to CAB (Change advisory board)
    • Review the CR and impact
    • Create rollback plan
  • Hacking lifecycle

    • Information gathering - active/passive. Passive: using Google, archive.org or social networking. Active: social engineering, phishing, spear phishing, impersonation.
    • Scanning (65535 ports; from the open ports we learn the services). Firewalls monitor the system; the technique to bypass a firewall is firewalking.
    • Enumeration / Gaining access: password cracking, exploits, VA.
    • Maintaining access: create a backdoor.
    • Covering tracks: disabling and deleting logs.
  • Penetration testing

    • Blackbox - similar to a hacking attack
    • Whitebox - similar to a VA
    • Graybox
  • Meeting client

    • NDA
    • ROE: Rules of engagement / Scope of work. What we can and cannot do, e.g. DDoS (NO), password cracking (YES).
    • Schedule: what is done when and by whom.
    • Tiger team or Blue team
    • Do not run all tests in one go, to avoid network congestion.
    • Announced and Unannounced testing.
    • Tests normally do not include: social engineering, impersonation, physical entry, dumpster diving, tailgating and piggybacking.
    • Birthday attack (in this sense) is not the birthday-paradox attack; it means trying to guess birthdays used as passwords.
    • Rubber hose attack.

Chapter 3. Security Engineering

  • Trusted Computing Base
  • Kernel Ring

Security Model

  • Bell-LaPadula: developed by Bell and LaPadula. Focused on data confidentiality and access to classified information. 3 rules:
    • "No read up"
    • "No write down"
    • "No read/write up or down" *
  • State machine model
  • Clark-Wilson: integrity model; focuses on separation of duties.
  • Brewer-Nash model: Chinese wall
  • Information flow model: seeks to eliminate covert channels (backdoors)
  • Evaluation criteria: examine security-related components carefully.
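The three Bell-LaPadula rules above, as a small reference-monitor function. This is an added example, not code from the lecture or the gist; the classification levels and the subject/object names are constructed for the demo.

```python
"""Bell-LaPadula access decisions (added example, not from the lecture notes).

Levels are a constructed linear ordering: higher value = more sensitive.
"""
from enum import IntEnum


class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


def blp_allows(subject: Level, obj: Level, op: str, strong_star: bool = False) -> bool:
    """Return True if Bell-LaPadula permits `op` ("read" or "write").

    - simple security property: "no read up"   -> subject level >= object level
    - *-property:               "no write down" -> subject level <= object level
    - strong *-property:        "no read/write up or down" -> levels must be equal
    """
    if op not in ("read", "write"):
        raise ValueError(f"unknown operation: {op}")
    if strong_star:
        return subject == obj
    if op == "read":
        return subject >= obj
    return subject <= obj


def audit_line(who: str, subject: Level, what: str, obj: Level, op: str) -> str:
    """One human-readable decision line, as a reference monitor would log it."""
    decision = "ALLOW" if blp_allows(subject, obj, op) else "DENY"
    return f"{decision}: {who}({subject.name}) {op} {what}({obj.name})"


if __name__ == "__main__":
    # Constructed requests: a SECRET-cleared analyst against two documents.
    requests = [
        ("analyst", Level.SECRET, "budget.txt", Level.CONFIDENTIAL, "read"),   # read down: allowed
        ("analyst", Level.SECRET, "budget.txt", Level.CONFIDENTIAL, "write"),  # write down: denied (would leak)
        ("analyst", Level.SECRET, "plans.txt", Level.TOP_SECRET, "read"),      # read up: denied
        ("analyst", Level.SECRET, "plans.txt", Level.TOP_SECRET, "write"),     # write up: allowed by *-property
    ]
    for req in requests:
        print(audit_line(*req))
```

The "write up" case is the one students find odd: the *-property lets a lower-cleared subject append to a higher-classified object because that cannot leak anything downward. The strong *-property (`strong_star=True`) closes that by restricting both reads and writes to the subject's own level.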

Chapter 4. Cryptography

  • Symmetric crypto cares only about confidentiality.
  • Asymmetric crypto cares about confidentiality, authenticity and non-repudiation.
  • 4 common algorithms in the test: Twofish, Blowfish and IDEA.
  • trapdoor function
  • ECC is used for constrained environments (limited computing capabilities).
  • Hash is good for detecting accidental modification.
  • MAC
  • Digital Signatures: overhead computing
  • CRL (certificate revoke list), OCSP (Online certificate status protocol).
  • IPv6: no need for DHCP; IPsec is integrated.
  • Meet-in-the-middle (not MITM, man-in-the-middle): try to guess the individual keys in 3DES.
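Why the notes say a hash is good for accidental modification but list MAC separately: a hash detects a corrupted message, but anyone who can change the message can recompute the hash, whereas a MAC needs the shared key. This is an added example, not from the lecture or the gist; the message text and the demo key are constructed (a real key comes from a CSPRNG and is shared only by sender and receiver).

```python
"""Hash vs MAC for integrity (added example, not from the lecture notes)."""
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Plain hash: no key, anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()


def hmac_sha256_hex(key: bytes, data: bytes) -> str:
    """MAC: the tag depends on a secret key, so a third party cannot recompute it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def hash_check(message: bytes, expected_digest: str) -> bool:
    # compare_digest avoids timing side channels on the comparison itself
    return hmac.compare_digest(sha256_hex(message), expected_digest)


def mac_check(key: bytes, message: bytes, expected_tag: str) -> bool:
    return hmac.compare_digest(hmac_sha256_hex(key, message), expected_tag)


def demo():
    """Return (accidental_detected, hash_fooled, mac_rejected) for the three scenarios."""
    original = b"transfer 100 USD to account 1234"      # constructed message
    key = b"constructed-demo-key-use-a-csprng"           # constructed; never hard-code in real code

    # 1) accidental modification: a single flipped bit and the stored hash no longer matches
    digest = sha256_hex(original)
    corrupted = bytearray(original)
    corrupted[0] ^= 0x01
    accidental_detected = not hash_check(bytes(corrupted), digest)

    # 2) deliberate modification: whoever changes the message can also replace the hash
    tampered = b"transfer 900 USD to account 9999"
    hash_fooled = hash_check(tampered, sha256_hex(tampered))  # verifier accepts it

    # 3) MAC: without the key, a replacement tag does not verify
    tag = hmac_sha256_hex(key, original)
    forged_tag = hmac_sha256_hex(b"wrong-guess", tampered)
    mac_rejected = (not mac_check(key, tampered, forged_tag)) and mac_check(key, original, tag)

    return accidental_detected, hash_fooled, mac_rejected


if __name__ == "__main__":
    print(demo())  # (True, True, True)
```

Scenario 2 is the reason a checksum shipped alongside the data it protects gives no protection against an attacker; the notes' "Digital Signatures: overhead computing" line is the asymmetric version of scenario 3, which additionally gives non-repudiation because only the signer holds the private key.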

Day 3

Chapter 5. Network and Communication Security

  • 7 OSI layers (Please Do Not Trust Sales People Anyway)
  • Layer 1. No need to learn too many details about cables or similar.
  • Layer 2. ARP spoofing. Mitigation: anti-sniffing measures, configure static ARP entries on your router.
  • Attacks: DoS, DDoS, DRDoS. Ping of Death (sending an oversized ICMP packet), Smurf (sending large ICMP traffic to a broadcast address with a spoofed source IP address), Teardrop attack (sending fragmented packets to the target machine so it cannot reassemble them), SYN flood.
  • Remember tool names which are covered in the book.
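A defender's view of the four attacks listed above: heuristic detectors run over packet summaries. This is an added example, not from the lecture or the gist; the `Pkt` record, the thresholds and the sample traffic (addresses from documentation ranges) are constructed, and the checks are simplified compared with what an IDS does.

```python
"""Detection heuristics for SYN flood, Smurf, Ping of Death and Teardrop
(added example, not from the lecture notes)."""
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple
import ipaddress

MAX_IP_DATAGRAM = 65535  # IPv4 total-length field is 16 bits


@dataclass
class Pkt:
    """Constructed packet summary (what a capture tool would give you)."""
    src: str
    dst: str
    proto: str                      # "tcp", "udp" or "icmp"
    flags: str = ""                 # TCP flags: "S" = SYN, "SA" = SYN/ACK, "A" = ACK
    icmp_type: Optional[int] = None  # 8 = echo request
    ip_id: int = 0                  # identification field, groups fragments
    frag_offset: int = 0            # fragment offset in bytes
    more_frags: bool = False        # MF flag
    length: int = 64                # bytes of payload carried by this packet/fragment


def detect(packets: List[Pkt], local_net: str,
           syn_threshold: int = 100, ack_ratio: float = 0.1) -> List[Tuple[str, str]]:
    net = ipaddress.IPv4Network(local_net)
    alerts: List[Tuple[str, str]] = []
    syns = defaultdict(int)       # dst -> pure SYNs seen
    acks = defaultdict(int)       # dst -> pure ACKs seen (handshakes completing)
    frags = defaultdict(list)     # (src, dst, ip_id) -> [(offset, end)]

    for p in packets:
        if p.proto == "tcp":
            if p.flags == "S":
                syns[p.dst] += 1
            elif p.flags == "A":
                acks[p.dst] += 1
        elif p.proto == "icmp" and p.icmp_type == 8:
            # Smurf: echo request aimed at our broadcast address; the source is the real victim
            if ipaddress.IPv4Address(p.dst) == net.broadcast_address:
                alerts.append(("smurf", f"echo request to broadcast {p.dst}, claimed source {p.src}"))

        # Ping of Death: a fragment that would reassemble past the maximum datagram size
        if p.frag_offset + p.length > MAX_IP_DATAGRAM:
            alerts.append(("ping_of_death", f"{p.src}->{p.dst} reassembles to {p.frag_offset + p.length} bytes"))

        # Teardrop: overlapping fragments of the same datagram
        if p.more_frags or p.frag_offset:
            key = (p.src, p.dst, p.ip_id)
            start, end = p.frag_offset, p.frag_offset + p.length
            for prev_start, prev_end in frags[key]:
                if start < prev_end and end > prev_start:
                    alerts.append(("teardrop", f"{p.src}->{p.dst} id={p.ip_id} overlap [{start},{end})"))
                    break
            frags[key].append((start, end))

    # SYN flood: many SYNs to one host with almost no completing ACKs (half-open connections)
    for dst, n in syns.items():
        if n >= syn_threshold and acks[dst] < n * ack_ratio:
            alerts.append(("syn_flood", f"{n} SYNs vs {acks[dst]} ACKs towards {dst}"))
    return alerts


def build_sample() -> List[Pkt]:
    """Constructed traffic: one of each attack plus one legitimate handshake."""
    pkts = [Pkt(f"198.51.100.{i % 250 + 1}", "10.0.0.5", "tcp", flags="S") for i in range(150)]
    pkts += [Pkt("10.0.0.20", "10.0.0.6", "tcp", flags="S"),
             Pkt("10.0.0.6", "10.0.0.20", "tcp", flags="SA"),
             Pkt("10.0.0.20", "10.0.0.6", "tcp", flags="A")]
    pkts.append(Pkt("10.0.0.5", "10.0.0.255", "icmp", icmp_type=8))                     # Smurf
    pkts.append(Pkt("203.0.113.7", "10.0.0.5", "icmp", icmp_type=8,
                    ip_id=41, frag_offset=65520, length=100))                           # Ping of Death
    pkts.append(Pkt("203.0.113.9", "10.0.0.5", "udp", ip_id=77, frag_offset=0, more_frags=True, length=1000))
    pkts.append(Pkt("203.0.113.9", "10.0.0.5", "udp", ip_id=77, frag_offset=496, length=1000))  # Teardrop
    return pkts


if __name__ == "__main__":
    for kind, detail in detect(build_sample(), "10.0.0.0/24"):
        print(f"{kind:14} {detail}")
```

The legitimate handshake to 10.0.0.6 is there to show the SYN-flood heuristic does not fire on normal traffic; in practice the threshold is tuned per host and per time window rather than over a whole capture.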

Chapter 6. Access Control

  • MAC: security labels
  • Discretionary AC: using ACLs
  • Role-based access control: roles determine how subjects and objects interact
  • Context-dependent access control
  • Rule-based access control.
  • RADIUS, pros/cons
  • TACACS+, like RADIUS
  • DIAMETER, like a next-gen RADIUS; provides support for phone and mobile devices.
  • TEMPEST, Faraday cage, white noise (emitting radio noise), control zones.
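The DAC, role-based and rule-based models from the list above side by side, so the difference is visible in code: in DAC the object's owner decides who gets in, in RBAC permissions hang off roles, and a rule-based check looks at the request context (here: business hours). This is an added example, not from the lecture or the gist; the file name, users, roles and the hours rule are constructed.

```python
"""DAC vs RBAC vs rule-based access control (added example, not from the lecture notes)."""
from datetime import time
from typing import Dict, Set


# --- Discretionary access control: an ACL per object, controlled by the object's owner ---
def make_sample_acl() -> Dict[str, dict]:
    """Constructed ACL store: object -> owner plus per-operation allow sets."""
    return {"payroll.xlsx": {"owner": "alice", "read": {"alice", "bob"}, "write": {"alice"}}}


def dac_allows(acl: Dict[str, dict], user: str, obj: str, op: str) -> bool:
    return user in acl[obj].get(op, set())


def dac_grant(acl: Dict[str, dict], granter: str, obj: str, op: str, grantee: str) -> None:
    """The 'discretionary' part: only the owner may change the object's ACL."""
    if acl[obj]["owner"] != granter:
        raise PermissionError(f"{granter} does not own {obj}")
    acl[obj].setdefault(op, set()).add(grantee)


# --- Role-based access control: permissions attach to roles, users are assigned roles ---
ROLE_PERMS: Dict[str, Set[tuple]] = {
    "hr_clerk": {("payroll.xlsx", "read")},
    "hr_manager": {("payroll.xlsx", "read"), ("payroll.xlsx", "write")},
}
USER_ROLES: Dict[str, Set[str]] = {"carol": {"hr_clerk"}, "dave": {"hr_manager"}}


def rbac_allows(user: str, obj: str, op: str) -> bool:
    # A user with no roles gets nothing: the secure default
    return any((obj, op) in ROLE_PERMS.get(role, set()) for role in USER_ROLES.get(user, set()))


# --- Rule-based (context-dependent): a rule over the request context, e.g. time of day ---
BUSINESS_HOURS = (time(8, 0), time(18, 0))


def rule_allows(op: str, now: time) -> bool:
    """Constructed rule: writes only during business hours, reads any time."""
    if op == "read":
        return True
    return BUSINESS_HOURS[0] <= now <= BUSINESS_HOURS[1]


def authorize(user: str, obj: str, op: str, now: time) -> bool:
    """Combined decision: the role must grant the permission AND the rule must pass."""
    return rbac_allows(user, obj, op) and rule_allows(op, now)


if __name__ == "__main__":
    acl = make_sample_acl()
    print("bob write before grant:", dac_allows(acl, "bob", "payroll.xlsx", "write"))
    dac_grant(acl, "alice", "payroll.xlsx", "write", "bob")
    print("bob write after grant: ", dac_allows(acl, "bob", "payroll.xlsx", "write"))
    print("dave write at 22:00:  ", authorize("dave", "payroll.xlsx", "write", time(22, 0)))
```

Note that `dac_grant` is what makes DAC "discretionary": the owner can hand out access without any administrator involved, which is exactly what mandatory access control (security labels, as in Bell-LaPadula) forbids.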

Chapter 7. Security Testing and Assessment

  • VA: identify weakness
  • Pentest: Validate the discovered weakness.
  • Blackbox vs Partial Knowledge vs Full Knowledge (whitebox).
  • Reconnaissance, footprinting, fingerprinting, VA.

Chapter 8. Security Operation

Incident Management

  • Incident
  • Incident response plan: severity of incident, timeframe to resolve incident.
  • SOP: standard operating procedures
  • ITIL standard
    • Go to Level 1: Helpdesk
      • Understand and analyze the incident.
      • Try to resolve the incident (permission is needed to resolve it).
      • Escalate to the right team (security team, db team,...)
      • Create the ticket for escalation.
    • Role and responsibility of Level 1
      • Understand the issue/problem
      • Communicate the updates to the client
      • Collect feedback - satisfaction survey.
      • Close the incident.
    • Level 1 skill
      • Good understanding of issue.
      • Able to listen.
      • Good communication skill.
      • Able to resolve small issue.
      • A little of technical skill.
      • Basic troubleshooting.
    • Level 2/Level 3 (Deep technical support) and SME (subject matter expert).
      • If the SME is not able to resolve the issue, it is escalated to the vendor.
  • Incident management steps: incident management and BCP/DRP are similar.
    • Detection.
  • Response Capability
  • Take care of physical security. It is the first line of defense.

Chapter 9. Security Development

  • Security flaws
  • Initiation. Requirements. Design specification. Software development. Testing. Operation. Retirement.