• CCIE SEC Security General

    1. Policies - Security Policy Best Practices

    2. Information Security Standards (ISO 17799, ISO 27001, BS7799)

      1. Common Criteria

        1. Provides a security framework whereby...

          1. Users can specify what they want

          2. Vendors can implement it

          3. Labs can test vendors' claims

        2. Derived from BS7799

      2. CIA

        1. Confidentiality

          1. Prevents unauthorized disclosure

          2. Implemented by Encryption

        2. Integrity

          1. Prevents unauthorized modification of data

          2. Implemented by Hashing Algorithms

        3. Availability

          1. Prevents loss of access to data, i.e. ensures it is available when needed

          2. Implemented by Resiliency / Redundancy & Load Balancing

      3. Security Policies

        1. Acceptable

        2. Ethics

        3. Information Sensitivity

        4. Email

      4. Security Wheel

      5. ISO 17799

        1. Renamed ISO 2702

        2. Wikipedia Page

      6. ISO 27001

        1. Wikipedia

      7. BS7799

        1. Wikipedia

    3. Standards Bodies

    4. Common RFCs

      1. RFC1918

        1. Special-Use IPv4 Addresses

      2. RFC 2827

        1. Network Ingress Filtering Defeating Denial of Service Attacks which employ IP Source Address Spoofing

      3. RFC3330

        1. Special-Use IPv4 Addresses

      4. RFC2401

        1. Security Architecture for the Internet Protocol

    5. BCP 38

      1. Network Ingress Filtering for MULTI-HOMED Devices

        1. Linked to RFC2827

      2. BCP 38, RFC 2827, is designed to limit the impact of distributed denial of service attacks, by denying traffic with spoofed addresses access to the network, and to help ensure that traffic is traceable to its correct source network. As a side effect of protecting the Internet against such attacks, the network implementing the solution also protects itself from this and other attacks, such as spoofed management access to networking equipment. There are cases when this may create problems, e.g., with multihoming. This document describes the current ingress filtering operational mechanisms, examines generic issues related to ingress filtering, and delves into the effects on multihoming in particular. This memo updates RFC 2827.

        1. Linked to RFC3704

    6. Attacks, Vulnerabilities and Common Exploits - recon, scan, priv escalation, penetration, cleanup, backdoor

      1. Buffer Overflow

        1. When data written to a memory buffer, due to insufficient bounds checking, corrupts data values in memory addresses adjacent to the buffer

          1. Bounds Checking: Checks if data is "appropriate for storage"

    7. Security Audit & Validation

    8. Risk Assessment

      1. Quantitative

        1. A Risk calculation based on figures

        2. The probability of an event, and the estimated cost if it occurs

          1. The Outputs of this....

            1. ALE Annual Loss Expectancy

            2. EAC Estimated Annual Cost

        3. + A number is generated and risks can easily be ranked by importance

        4. - Probability is rarely accurate / precise, and incorrect calculations can promote complacency

      2. Qualitative

        1. Only Potential Loss is Calculated

        2. Components....

          1. Threats

            1. Things that "can go wrong" or "attacks"

            2. e.g. Fire, Fraud

          2. Vulnerabilities

            1. Weaknesses or things that make a threat more likely

            2. e.g. paper in the building = FIRE

          3. Controls

            1. Countermeasures for Threats & Vuln's

              1. Deterrent

                1. Reduce probability

              2. Preventative

                1. Prevent success if it happens

              3. Corrective

                1. Reduces effectiveness

              4. Detective

                1. Discovers if it happens

                2. May trigger Corrective

    9. Change Management Process

    10. Incident Response Framework

    11. Computer Security Forensics


    Added: 2009-01-09 07:52:26

    From: linickx (Joined 2008-12-15 05:32:23)
