Objective 4.01 Compare and contrast positive and negative security models
Describe the concept of a positive security model
A “positive” security model (also known as “whitelist”) is one that defines what is allowed, and rejects everything else.
The positive security model can be applied to a number of different application security areas. For example, when performing input validation, the positive model dictates that you should specify the characteristics of input that will be allowed, as opposed to trying to filter out bad input. In the access control area, the positive model is to deny access to everything, and only allow access to specific authorized resources or functions. If you’ve ever had to deal with a network firewall, then you’ve probably encountered this application of the positive model.
The benefit of using a positive model is that new attacks, not anticipated by the developer, will be prevented. However, the negative model can be quite tempting when you’re trying to prevent an attack on your site. Ultimately, however, adopting the negative model means that you’ll never be quite sure that you’ve addressed everything. You’ll also end up with a long list of negative signatures to block that has to be maintained.
Describe the concept of a negative security model
A “negative” (or “blacklist”) security model, which defines what is disallowed, while implicitly allowing everything else.
If you are familiar with good old antivirus software, you are familiar with AV definitions which need to get updated.
This is is a great example of Negative Security, where you know what is bad and you block only the bad stuff.
Pros: it’s easy to manage as someone else does all the hard work for you in identifying the bad things and it can be automatically updated.
Cons: It provides limited protection against attacks, Symantec said in May 2014 that Antivirus is dead. A study found that even after 2 weeks of a 0-day vulnerability, majority of AV vendors didn’t have a signature to block them.
Given a list of scenarios, identify which is a positive security model
Given a list of scenarios, identify which is a negative security model
Describe the benefits of a positive security model
Only what has been defined is allowed
New exploits have a lesser chance of effecting the environment
Useful for environments that don’t change frequently
Describe the benefits of a negative security model
Less false positives
Easier to use in frequently changing environments
Objective 4.02 Explain the purpose of cryptographic services
Describe the purpose of signing
A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or documents. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, that the sender cannot deny having sent the message (authentication and non-repudiation), and that the message was not altered in transit (integrity). Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering.
Describe the purpose of encryption
In cryptography, encryption is the process of encoding messages or information in such a way that only authorized parties can read it. Encryption does not of itself prevent interception, but denies the message content to the interceptor. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. It is in principle possible to decrypt the message without possessing the key, but, for a well-designed encryption scheme, large computational resources and skill are required. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.
Describe the purpose of certificates and the certificate chains
In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document used to prove ownership of a public key. The certificate includes information about the key, information about its owner’s identity, and the digital signature of an entity that has verified the certificate’s contents are correct. If the signature is valid, and the person examining the certificate trusts the signer, then they know they can use that key to communicate with its owner.
In a typical public-key infrastructure (PKI) scheme, the signer is a certificate authority (CA), usually a company which charges customers to issue certificates for them. In a web of trust scheme, the signer is either the key’s owner (a self-signed certificate) or other users (“endorsements”) whom the person examining the certificate might know and trust.
Certificates are an important component of Transport Layer Security (TLS, sometimes called by its older name SSL, Secure Sockets Layer), where they prevent an attacker from impersonating a secure website or other server. They are also used in other important applications, such as email encryption and code signing.
Distinguish between private/public keys
The Public Key is what its name suggests – Public. It is made available to everyone via a publicly accessible repository or directory. On the other hand, the Private Key must remain confidential to its respective owner. Because the key pair is mathematically related, whatever is encrypted with a Public Key may only be decrypted by its corresponding Private Key and vice versa.
Compare and contrast symmetric/asymmetric encryption
Symmetric encryption uses the identical key to both encrypt and decrypt the data. Symmetric key algorithms are much faster computationally than asymmetric algorithms as the encryption process is less complicated. The length of the key size is critical for the strength of the security. NIST has recommendations on how long a key should be– in general, 160-512 bits. There are inherent challenges with symmetric key encryption in that the key must somehow be managed. Distributing a shared key is a major security risk.
Asymmetric encryption uses two related keys (public and private) for data encryption and decryption, and takes away the security risk of key sharing. The private key is never exposed. A message that is encrypted by using the public key can only be decrypted by applying the same algorithm and using the matching private key. Likewise, a message that is encrypted by using the private key can only be decrypted by using the matching public key.
Objective 4.03 Describe the purpose and advantages of authentication
Explain the purpose of authentication
Authentication is the process of proving that you are who you say you are, usually for the purposes of gaining access to something. In the real world, this is a relatively easy task, even with a really bad driver’s license photo; but in cyberspace, nothing is ever that simple.
Explain the advantages of single sign on
Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in with a single ID to gain access to a connected system or systems without being prompted for different usernames or passwords, or in some configurations seamlessly sign on at each system.
Benefits of using single sign-on include:
- Reducing password fatigue from different user name and password combinations
- Reducing time spent re-entering passwords for the same identity
- Reducing IT costs due to lower number of IT help desk calls about passwords
SSO shares centralized authentication servers that all other applications and systems use for authentication purposes and combines this with techniques to ensure that users do not have to actively enter their credentials more than once.
Explain the concepts of multifactor authentication
Multifactor authentication is a method of authenticating a user using two of more of the following:
- Something you know (such as passwords)
- Something you have (such as a smartcard)
- Something you are (such as fingerprints)
Describe the role authentication plays in AAA
An AAA server is a server program that handles user requests for access to computer resources and, for an enterprise, provides authentication, authorization, and accounting (AAA) services. The AAA server typically interacts with network access and gateway servers and with databases and directories containing user information.
Objective 4.04 Describe the purpose, advantages, and use cases of IPsec and SSL VPN
Explain the purpose, advantages, and challenges associated with IPsec
Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host).
Internet Protocol security (IPsec) uses cryptographic security services to protect communications over Internet Protocol (IP) networks. IPsec supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection.
IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite, while some other Internet security systems in widespread use, such as Transport Layer Security (TLS) and Secure Shell (SSH), operate in the upper layers at the Application layer. Hence, only IPsec protects all application traffic over an IP network. Applications can be automatically secured by IPsec at the IP layer.
Explain the purpose, advantages, and challenges associated with SSL VPN
An SSL VPN (Secure Sockets Layer virtual private network) is a form of VPN that can be used with a standard Web browser. In contrast to the traditional Internet Protocol Security (IPsec) VPN, an SSL VPN does not require the installation of specialized client software on the end user’s computer. It’s used to give remote users with access to Web applications, client/server applications and internal network connections.