Great walk through http://www.trainsignaltraining.com/how-to-setup-iscsi-drive-using-freenas/2009-01-19/
PS. Once the drive shows up in Computer Management on Server 2008 it may be offline (with some bogus error about the security policy). Right-click the disk and choose Online. You will likely also need to right-click again and choose Initialize Disk. Then you should be able to right-click the drive and partition it.
Great video on Server 2008 Quorum http://www.youtube.com/watch?v=j9E1LgLwG88
Saturday, August 28, 2010
Saturday, August 14, 2010
CISSP - Operations Security
Scanning identifies open ports - fingerprinting identifies OS / Application - this can be active (creating the traffic) or passive (watching existing traffic)
War Chalking - used to indicate where wireless networks are
TCSEC Operational Assurance requirements (the other assurance class is Life-Cycle Assurance) -
1. System Architecture
2. System Integrity
3. Covert Channel Analysis
4. Trusted Facility Management
5. Trusted Recovery
Common Criteria - Recovery (trusted recovery, the FPT_RCV family)
1. Manual Recovery
2. Automated Recovery
3. Automated Recovery without Undue Loss
4. Function Recovery
Components
1. failure preparation (backups), system recovery
CISSP - Information Security and Risk Management
RFC 2196 - Site Security Handbook
Formulae
Single Loss Expectancy (SLE) = Asset Value * Exposure Factor
Annualized Loss Expectancy (ALE) = SLE * Annualized Rate of Occurrence (ARO)
Total Risk = Threat * Vulnerability * Asset Value
Residual Risk = Total Risk * Control Gap (the risk that remains after the safeguards are applied)
Risk Analysis
FRAP - Facilitated Risk Analysis Process - a team gets together and brainstorms through the risks, usually one system at a time. Comes with a list of 26 common controls.
Delphi - answers are in written form - good for getting some quiet opinions - not good for discussion
Risk Assessment Steps (in order)
1. Assign value to assets
2. Estimate the potential loss per threat (SLE)
3. Perform a threat analysis (ARO)
4. Derive the annual loss potential (ALE)
5. Reduce, transfer, accept, or avoid the risk
Labeling
Government = Unclassified -> Top Secret
Commercial = Public -> Confidential
Roles
Information Security Officer - Functional Role of Security
Auditors -> provide reports on effectiveness to senior management
Senior Management - ultimately responsible for security
CISSP - Application Security
Waterfall Model - discrete sequential steps
SDLC Phases
1. Project Initiation and Planning
2. Functional Requirements Definition
3. System Design Specifications
4. Development and Implementation
5. Documentation and Common Program Controls
6. Testing and Evaluation Control, Certification, and Accreditation
7. Transition to Production (Implementation)
8. Operations and Maintenance Support
9. Revisions and System Replacement
Data Dictionary - database of schemas
Mobile Code - code that is transferred across a network and executed on the receiving host, typically inside a browser (Java applets, ActiveX, JavaScript, Flash)
Software Capability Maturity Model
1. Initial (ad hoc, success depends on individual heroics)
2. Repeatable (basic project management has been documented)
3. Defined (the process is standardized and documented across the organization)
4. Managed (the process is measured and controlled quantitatively)
5. Optimizing (continuous process improvement)
replaced in 2007 by CMMI = CMM + Integration
CMMI-DEV v1.2 has 22 process areas
Distributed System Requirements
1. interoperability
2. portability
3. transparency
4. extensibility
5. security
spoofing is changing the ip address, masquerading is changing the email from or caller id
perturbation - injecting noise (meaningless data) into query results to prevent inference attacks on a database
SODA - Secure Object-Oriented Database Access - uses polyinstantiation to remedy the multiparty update conflict
Change Control Process
1. formal request
2. analyze
3. record
4. approve
5. develop (ie. scripts)
6. report to management
Thursday, August 12, 2010
CISSP - Telecommunications and Network Security
WAN
ISDN BRI = 2 B and 1 D
Packet Switched = Frame Relay, X.25, ATM
Circuit Switched = ISDN, PSTN dial-up, DDS
Networking Models
OSI Model is an ISO Standard
TCP/IP Model = Network Access (Link) -> Internet -> Transport -> Application
SSL/TLS sits above the transport layer (in OSI terms it is usually placed at the session layer)
802.15 = Wireless personal area - think bluetooth
IP
protocol field of the IP header -> 0x01 = ICMP, 0x06 = TCP, 0x11 = UDP, 0x2F = GRE, 0x32 = ESP, 0x33 = AH, 0x58 = EIGRP (88 decimal; IGRP itself is protocol 9), 0x59 = OSPF
determine Class (from the leading bits of the first octet)
0xxxxxxx = 0-127 = A
10xxxxxx = 128-191 = B
110xxxxx = 192-223 = C
1110xxxx = 224-239 = D (multicast)
1111xxxx = 240-255 = E (reserved)
private addresses (RFC 1918) and the two ranges commonly confused with them
10.0.0.0/8 - private
172.16.0.0/12 - private
192.168.0.0/16 - private
*127.0.0.0/8 - loopback, not private
*169.254.0.0/16 - link-local (APIPA), not private
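The protocol field, the class bits and the special ranges above are all things you read straight out of an IPv4 header. The following is an added example, not part of the original notes: it builds a constructed 20-byte header (not a real capture), parses it with struct, verifies the RFC 791 header checksum, maps the protocol number to a name, and classifies each address by leading bits and by RFC 1918 / loopback / link-local membership. The protocol table and the sample addresses are the example's own choices.

```python
import ipaddress
import struct

# IANA protocol numbers: 0x58 (88) is EIGRP; IGRP itself is protocol 9.
PROTOCOLS = {
    0x01: "ICMP", 0x06: "TCP", 0x11: "UDP", 0x2F: "GRE",
    0x32: "ESP", 0x33: "AH", 0x58: "EIGRP", 0x59: "OSPF",
}

# Not globally routable; only the first three are RFC 1918 "private".
SPECIAL_RANGES = [
    (ipaddress.ip_network("10.0.0.0/8"), "private (RFC 1918)"),
    (ipaddress.ip_network("172.16.0.0/12"), "private (RFC 1918)"),
    (ipaddress.ip_network("192.168.0.0/16"), "private (RFC 1918)"),
    (ipaddress.ip_network("127.0.0.0/8"), "loopback"),
    (ipaddress.ip_network("169.254.0.0/16"), "link-local (APIPA)"),
]

HDR_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options


def ipv4_class(addr: str) -> str:
    """Classful address class from the leading bits of the first octet."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    # (class, number of leading bits to test, expected value of those bits)
    for cls, nbits, pattern in (("A", 1, 0b0), ("B", 2, 0b10),
                                ("C", 3, 0b110), ("D", 4, 0b1110)):
        if first >> (8 - nbits) == pattern:
            return cls
    return "E"                       # 1111xxxx, reserved


def address_scope(addr: str) -> str:
    """'private (RFC 1918)', 'loopback', 'link-local (APIPA)' or 'public'."""
    ip = ipaddress.IPv4Address(addr)
    for net, label in SPECIAL_RANGES:
        if ip in net:
            return label
    return "public"


def checksum(data: bytes) -> int:
    """RFC 791: one's complement of the one's complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:               # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int = 0) -> bytes:
    """Construct a minimal valid header; used only to make sample input."""
    hdr = struct.pack(HDR_FMT, (4 << 4) | 5, 0, 20 + payload_len, 0x1C46,
                      0x4000, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def parse_ipv4_header(raw: bytes) -> dict:
    """Parse and validate an IPv4 header, rejecting anything malformed."""
    if len(raw) < 20:
        raise ValueError("truncated header")
    ver_ihl, _dscp, total_len, ident, _flags, ttl, proto, _csum, src, dst = \
        struct.unpack(HDR_FMT, raw[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    if checksum(raw[:ihl]) != 0:     # a valid header sums to 0xFFFF, complement 0
        raise ValueError("header checksum mismatch")
    src_s, dst_s = str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst))
    return {
        "ttl": ttl, "total_len": total_len, "ident": ident,
        "protocol": PROTOCOLS.get(proto, "proto %d" % proto),
        "src": src_s, "src_class": ipv4_class(src_s), "src_scope": address_scope(src_s),
        "dst": dst_s, "dst_class": ipv4_class(dst_s), "dst_scope": address_scope(dst_s),
    }


if __name__ == "__main__":
    # Constructed sample: TCP from 10.1.2.3 to 172.16.5.6 with a 40-byte payload.
    sample = build_ipv4_header("10.1.2.3", "172.16.5.6", 0x06, payload_len=40)
    for key, value in parse_ipv4_header(sample).items():
        print(f"{key:10s} {value}")
```

The checksum check matters for the exam-style "is this header genuine" question: flipping a single TTL bit is enough for parse_ipv4_header to reject the header.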
RAID
0 = Striping
1 = Mirroring
2 = bit level striping w/ dedicated parity (Hamming code)
3 = byte level striping w/ dedicated parity disk
4 = block level striping w/ dedicated parity disk
5 = block level striping w/ distributed parity
6 = block level striping w/ double distributed parity (requires 4 disks but can tolerate 2 down disks)
VPN
PPTP (PPP w/ MPPE, MS-CHAP, EAP-TLS), L2TP, IPSEC, L2F
Authentication
EAP, RADIUS, TACACS, PAP, CHAP
Wireless Security
WEP, WPA (TKIP), WPA2, WAP (WTLS)
WAP's WTLS classes: 1 = anonymous (no authentication), 2 = server authentication, 3 = server and client authentication
Attacks
Wormhole - a shortcut(wormhole) is created between 2 networks tricking routing protocols into using the wormhole. Then all traffic can be monitored or disrupted.
Firewalls
Dual-homed / bastion = think pc w/ 2 nics filtering traffic
Screened host = separation is logical instead of physical - in other words - only one nic. I picture this as a router only allowing 80 traffic to a proxy server, and the proxy server being the screened host firewall - though dependent on the router.
Screened subnet = 3 nics - think DMZ
Friday, July 23, 2010
CISSP - Physical Security
Types of Motion Detectors:
Wave pattern: think microwave, if the frequency bouncing back changes from norm then there is motion.
Capacitance: monitors an electrical field for change - used for a small area - think of the space surrounding an object in a museum.
Audio: listens for noise
Photoelectric: think grid of light (visible or not)
Types of fire suppression systems
Water Sprinklers
Wet Pipe: Pipe is full of water right up to the sprinkler head - quick to get water on the fire - but if it was a false alarm it causes equipment damage for no reason
Dry Pipe: Pipe is not full of water - providing a little bit of time to react to a false alarm - pipes could have leaks that aren't realized until a fire forces water into the pipes.
Deluge: Similar to dry pipe - but for high volumes of water - which is why they are not used around computer equipment
Preaction: dry until heat sensor primes it (now wet pipe) - then another heat sensor releases the water
Classes of Fire
A - Common combustibles - like wood or paper (water, soda acid)
B - Flammable liquids and gases - like gasoline (CO2, foam, dry chemical)
C - Electrical - like a data center (CO2 or clean agents such as FM-200; never water)
D - Combustible metals - like magnesium or sodium (dry powder)
K - Cooking oils and grease - like a kitchen (wet chemical)
Halon 1301 (1211 for portable extinguishers) - above a 10% concentration and roughly 900 degrees F it degrades into hydrogen fluoride, hydrogen bromide, and bromine, which are toxic. It is also an ozone-depleting agent, so new production was banned (Montreal Protocol; in the US the Clean Air Act Amendments of 1990) and FM-200 is the usual replacement (Argon and Inergen are also options but not as effective). An existing Halon system CAN continue to be used, but extra measures must be taken when it discharges.
CCTV: Closed Circuit Television - decrease the focal length to widen the field of view; use a larger iris (aperture) opening in low-light areas
CPTED: Crime Prevention Through Environmental Design
Fences:
Mesh size - 2 inch = normal security, 1 inch = high security, 3/8 inch = extremely high security (smaller mesh is harder to climb or cut)
Wire gauge - 11 gauge = normal, 9 gauge = high, 6 gauge = extremely high (smaller gauge number = bigger wire diameter = tougher fence)
Height - 3-4 feet deters casual trespassers, 6-7 feet is too hard to climb easily, 8 feet (plus three strands of barbed wire) deters determined intruders
Piezoelectric: a material that produces a voltage when mechanically stressed - think kinetic energy, used in vibration sensors - not really related, but it was thrown in as a decoy answer and I didn't know what it was
Exterior Lighting: 2 foot-candles of illumination at 8 feet above the fence line, so as to keep intruders from seeing past the fence while illuminating them for the cameras
Glare Protection: pointing lights towards potential intruders and away from guards.
Fixed lighting = Fixed Iris as it doesn't need to adjust for changes in light
Classes of Gates:
1 - Residential
2 - Commercial
3 - Industrial
4 - Restricted
Static Electricity
1500 static volts can damage a HDD and as little as 10 static volts can damage some electrical components. Humans cannot perceive until 1500 and the typical scuff on the carpet produces closer to 12,000.
Access to Server room - the technician side of me says that admins need access. The CISSP side of me (needs to) says that the server room should be highly controlled. Admins should be able to do most everything remotely.
HVAC
Must have positive pressurization - meaning if the doors are opened - air rushes out as opposed to pulling dusty dirty air in.
Too much moisture = corrosion
Too little moisture = static electricity
Too much heat = over heat
Too little heat = slowed performance
Doors
Fail-safe - on power loss or alarm the doors unlock so people can get out (life safety comes first)
Fail-secure - the doors stay locked on failure, so an emergency release bar (or other method) is needed to keep people from being trapped inside
Locks
Warded lock < pin and tumbler lock (warded locks are the easiest to pick)
Bump key is cut to the number 9 position (not sure what that means) - it allows the lock picker to bump the key while applying light turning pressure to the lock to open it
Annunciation System verbally alerts guards so that they can take action
Bollard - blocks a vehicle from passing - usually metal or cement and arranged in a line of columns.
Mantrap is two sets of doors - like in castles where you go through two sets of gates and in between they are ready to pour boiling oil on you!!
CISSP - System Architecture and Design
Evaluation Criteria
TCSEC: US based - Trusted Computer System Evaluation Criteria AKA the Orange Book (DoD 5200.28-STD), superseded by the Common Criteria. A is higher than D; B3 is higher than B1.
A -> Verified Protection - A1 = Verified Design (formal design verification, strict configuration management)
B -> Mandatory Access Control - B1 = Labeled Security Protection, B2 = Structured Protection (covert channel analysis starts here), B3 = Security Domains
C -> Discretionary Access Control - C1 = Discretionary Security Protection, C2 = Controlled Access Protection (individual accountability, auditing)
D -> Minimal Protection
ITSEC (1990) - Europe based - evaluates functionality and assurance separately: seven assurance (effectiveness) levels E0 - E6 and ten functionality classes F1 - F10
CTCPEC - Canada Based
Common Criteria - ISO/IEC 15408 (v1.0 in 1996, an ISO standard since 1999) - bridges the gap between the national schemes (TCSEC, ITSEC, CTCPEC) - 7 Evaluation Assurance Levels: EAL1 (functionally tested) < EAL2 (structurally tested) < EAL3 (methodically tested and checked) < EAL4 (methodically designed, tested, and reviewed) < EAL5 (semiformally designed and tested) < EAL6 (semiformally verified design and tested) < EAL7 (formally verified design and tested). The Target of Evaluation (TOE) is evaluated against a Security Target (ST), which may claim conformance to a Protection Profile (PP).
Covert Channel Analysis: finding channels that leak information in a way the security policy never intended - TCSEC distinguishes covert storage channels (one subject writes a shared attribute that another can read) from covert timing channels (modulating the timing of a shared resource). Protocol tunneling is the everyday version: HTTP is very common for this, as people do all sorts of things over HTTP that the system was never intended to allow. The DoD has an entire book (the Light Pink Book, NCSC-TG-030) dedicated to this.
Security Models
Bell-LaPadula - Confidentiality Model - Simple = No read up, Star = no write down
Biba - Integrity Model - Simple = No read down, Star = no write up
Clark-Wilson (1987) - Integrity model for commercial systems - meets all three goals of integrity (prevent unauthorized modification, prevent authorized users from making improper modifications, keep internal and external consistency). Subjects reach objects only through programs (the access triple: subject / Transformation Procedure / object), which enforces well-formed transactions and separation of duties. IVP (Integrity Verification Procedure) confirms that the CDIs are in a valid state. Constrained Data Item (CDI) is data being protected, Unconstrained Data Item (UDI) is not yet protected (e.g. raw user input). Transformation Procedures (TPs) are the only way a CDI may be changed.
Take-Grant - Create, revoke, grant, take
Brewer-Nash - Conflict of Interest
Sutherland - Inference
Goguen-Meseguer - Noninterference (what high-level subjects do must not change what low-level subjects can observe)
Boebert-Kain - Type enforcement (a table of subject domains x object types listing the permitted accesses)
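The Bell-LaPadula and Biba rules above are easy to state and easy to get backwards under exam pressure, so here is an added example (not from the original notes) that encodes both as functions over lattice labels and wraps them in a small reference monitor that records every decision. The label rank names, the category names and the subject/object names are hypothetical choices made for the example; both models are written as dominance checks so the "up"/"down" direction of each rule is explicit in the code.

```python
from dataclasses import dataclass, field

# Hypothetical orderings used by this example; any totally ordered set works.
CONF = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}
INTEG = {"Untrusted": 0, "User": 1, "System": 2}


@dataclass(frozen=True)
class Label:
    """Lattice label: a hierarchical rank plus a set of need-to-know categories."""
    rank: int
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # A dominates B when its rank is >= and its category set is a superset.
        return self.rank >= other.rank and self.categories >= other.categories


def conf(level: str, *cats: str) -> Label:
    return Label(CONF[level], frozenset(cats))


def integ(level: str) -> Label:
    return Label(INTEG[level])


def bell_lapadula(subject: Label, obj: Label, op: str) -> bool:
    """Confidentiality: simple property = no read up, *-property = no write down."""
    if op == "read":
        return subject.dominates(obj)      # read only at or below your clearance
    if op == "write":
        return obj.dominates(subject)      # write only at or above your clearance
    raise ValueError(f"unknown operation {op!r}")


def biba(subject: Label, obj: Label, op: str) -> bool:
    """Integrity: simple integrity = no read down, *-integrity = no write up."""
    if op == "read":
        return obj.dominates(subject)      # read only from equal or higher integrity
    if op == "write":
        return subject.dominates(obj)      # write only to equal or lower integrity
    raise ValueError(f"unknown operation {op!r}")


@dataclass
class ReferenceMonitor:
    """Mediates every access against both models and records the decision."""
    audit: list = field(default_factory=list)

    def check(self, who: str, what: str, op: str,
              subj_conf: Label, obj_conf: Label,
              subj_int: Label, obj_int: Label) -> bool:
        reasons = []
        if not bell_lapadula(subj_conf, obj_conf, op):
            reasons.append("BLP: no read up" if op == "read" else "BLP: no write down")
        if not biba(subj_int, obj_int, op):
            reasons.append("Biba: no read down" if op == "read" else "Biba: no write up")
        allowed = not reasons
        self.audit.append((who, op, what, "ALLOW" if allowed else "DENY", reasons))
        return allowed


if __name__ == "__main__":
    rm = ReferenceMonitor()
    # alice holds a Secret/{crypto} clearance and runs as a User-integrity process
    alice_c, alice_i = conf("Secret", "crypto"), integ("User")
    rm.check("alice", "/plans", "read", alice_c, conf("Confidential", "crypto"), alice_i, integ("System"))
    rm.check("alice", "/plans", "write", alice_c, conf("Confidential", "crypto"), alice_i, integ("User"))
    rm.check("alice", "/inbox", "read", alice_c, conf("Unclassified"), alice_i, integ("Untrusted"))
    for entry in rm.audit:
        print(entry)
```

Note the two models pull in opposite directions: BLP lets alice blindly write up to Top Secret but not down to Confidential, while Biba stops her User-integrity process from reading Untrusted data at all, which is exactly why a real system applies both and logs which rule fired.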
Low Level
Memory Management - requirements - relocation, protection, sharing, physical organization, logical organization
CPU States - Ready, Supervisor (privileged), Problem (user - processing - not really a problem), Wait
Process States - New (created, about to be loaded into memory), Ready (loaded, waiting to be given the CPU), Running (executing on the CPU), Blocked / Waiting (waiting for I/O or another event), Terminated
PLC - Programmable Logic Controller - think micro controller
PSW - Program Status Word register - holds applications operating state
Rings of Protection - 0 is Security Kernel - home of the Reference Monitor
Bus Interface Unit - Managing access from Bus Resources (PCI, serial, etc) to CPU
Accreditation
NIACAP - National Information Assurance Certification and Accreditation Process - types: site, type, system
DITSCAP - Defense Information Technology Security Certification and Accreditation Process - 4 phases - replaced by DIACAP - Defense Information Assurance Certification and Accreditation Process
The Books
Neon Orange - NCSC-TG-003 - A Guide to Understanding Discretionary Access Control in Trusted Systems
Purple - NCSC-TG-014 - Guidelines for Formal Verification Systems
Tan - NCSC-TG-001 - A Guide to Understanding Audit in Trusted Systems
Green - CSC-STD-002-85 - DoD Password Management Guideline (not DoD 5220.22-M, which is the NISPOM / media clearing manual)
Orange - DoD 5200.28-STD - TCSEC
Light Pink - NCSC-TG-030 - A Guide to Understanding Covert Channel Analysis of Trusted Systems
Light Yellow - CSC-STD-003-85 - Computer Security Requirements: Guidance for Applying the TCSEC in Specific Environments
Attacks
TOC / TOU - Time of Check / Time of Use - an asynchronous (race condition) attack against the gap between when a condition is checked and when the result is acted on - ie. a user whose admin rights were taken away but who hasn't logged off, or a program that checks a file's permissions by name and then opens that name after the attacker has swapped it for a symlink. The fix is to act on the object you checked (the open file descriptor), not on the name.
Van Eck phreaking - NOT phones - reconstructing what a display shows from its electromagnetic emanations (CRT / VGA). TEMPEST is the NSA program and standard for shielding equipment against exactly this kind of emanation leakage.
Trusted Computing Base: all of the protection mechanisms in a computer system (hardware, firmware, software). Trusted Path - user / process <-> kernel. Trusted shell AKA sandbox.
CISC: Complex Instruction Set Computing - each instruction can perform multiple low level operations. Meant to bridge the gap between simple low level instructions (1+1 = 2) and high level programming logic / loops. Think x86
RISC: Reduced Instruction Set Computing - based on the philosophy that the CPU can be more efficient if it focuses on the simple operations (contrary to CISC) - modern development has been a balance between the two. SPARC.
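The TOC / TOU entry above gets the classic file-system illustration here, as an added example that is not part of the original notes. vulnerable_read() does the textbook check-then-use (os.access, then open by name); safe_read() opens first with O_NOFOLLOW and then validates the descriptor it actually got with fstat. demo() constructs a temporary directory with a "secret" file and an "upload" file and simulates the attacker winning the race by swapping the upload for a symlink between check and use; the paths, file names and the race_window hook are the example's own constructions, and it assumes a POSIX system (O_NOFOLLOW, symlinks).

```python
import os
import stat
import tempfile


def vulnerable_read(path: str, race_window=None) -> bytes:
    """Check-then-use: the check and the open use the same *name*, which is not
    guaranteed to refer to the same *object* by the time the open happens."""
    if not os.access(path, os.R_OK):          # time of check
        raise PermissionError(path)
    if race_window is not None:
        race_window()                          # attacker acts in the window
    with open(path, "rb") as f:                # time of use, follows symlinks
        return f.read()


def safe_read(path: str, race_window=None, max_size: int = 1 << 20) -> bytes:
    """Open first, then validate the descriptor you were actually handed."""
    if race_window is not None:
        race_window()                          # the attacker may act at any time now
    # O_NOFOLLOW makes a final-component symlink fail with ELOOP instead of
    # being followed; O_NONBLOCK keeps a FIFO from hanging the open.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        st = os.fstat(fd)                      # inspect the object behind the fd
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_uid != os.geteuid():
            raise PermissionError(f"{path}: owned by uid {st.st_uid}")
        if st.st_size > max_size:
            raise PermissionError(f"{path}: larger than {max_size} bytes")
        f = os.fdopen(fd, "rb")                # file object now owns the fd
    except Exception:
        os.close(fd)
        raise
    with f:
        return f.read()


def demo() -> dict:
    """Constructed scenario: an upload path the attacker swaps for a symlink."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret")     # what the attacker wants read
        upload = os.path.join(d, "upload.txt") # what the program thinks it reads
        with open(secret, "wb") as f:
            f.write(b"SECRET")

        def reset():                           # put a harmless regular file back
            if os.path.lexists(upload):
                os.remove(upload)
            with open(upload, "wb") as f:
                f.write(b"harmless")

        def swap():                            # the attacker's move in the race window
            os.remove(upload)
            os.symlink(secret, upload)

        reset()
        results["vulnerable_leaked"] = vulnerable_read(upload, race_window=swap) == b"SECRET"
        reset()
        results["safe_normal"] = safe_read(upload)
        reset()
        try:
            safe_read(upload, race_window=swap)
            results["safe_blocked"] = False
        except OSError:                        # ELOOP from O_NOFOLLOW
            results["safe_blocked"] = True
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:18s} {value!r}")
```

The point generalizes beyond symlinks: any decision made on a name, a session token, or a cached permission bit (the revoked-admin case in the notes) has to be re-validated against the thing actually being used, or the authorization has to be bound to the handle rather than re-derived from the name.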