The Sensory and Motor Exams


Contents
Session Hijacking Attacks
Fragmentation Attacks
Dial-Up Attacks
Probing and Scanning
Vulnerability Scanning
...

... source that the candidate can use to prepare for the CISSP and ISSEP examinations. This text is also useful if the candidate is taking the (ISC)2 CISSP or ISSEP training seminars. Prior to this text, the candidate’s choices were the following:

1. To buy numerous expensive texts and use a small portion of each in order to cover the breadth of the 10 CISSP domains and 4 ISSEP domains
2. Acquire and attempt...

... before the CISSP credential is awarded. Another CISSP, the candidate’s employer, or any licensed, certified, or commissioned professional can endorse a CISSP candidate. After the examination scoring and the candidate receiving a passing grade, a notification letter advises the candidate of his or her status. The candidate has 90 days from the date of the letter to submit an endorsement form. If the endorsement...

Chapter 4: Cryptography
Introduction
Definitions
Background
...

... for the CISSP exam, and with the help and patience of Carol Long “the CISSP Prep Guide” came to fruition. During those months of writing the text, we never imagined the impact this book would have. When the book was published in August 2001, it immediately became a nonfiction bestseller. It stayed on the Amazon Hot 100 list for more than four months and was the top-selling computer book of the year. The...

asked to select the best answer of four possible answers. The examination comprises 150 questions, 25 of which are experimental questions that are not counted. The candidate is allotted 3 hours to complete the examination.

The Approach of This Book

Based on the experience of the authors, who have both taken and passed the CISSP examination and one who has taken and passed the ISSEP examination, there is a...

... originate. The seminars are not intended to teach the examination. A candidate for the ISSEP examination must have the CISSP certification as a prerequisite.

New Candidate CISSP Requirements

Beginning June 1, 2002, the (ISC)2 has divided the credentialing process into two steps: examination and certification. Once a CISSP candidate has been notified of passing the examination, he or she must have the application...

... Assurance Regulations

The (ISC)2 conducts review seminars and administers examinations for information security practitioners who seek the CISSP and ISSEP certifications. Candidates for the CISSP examination must attest that they have three to five years’ experience in the information security field and that they subscribe to the (ISC)2 Code of Ethics. The seminars cover the CBK from which the examination...
digest the myriad of NIST, NSA, and U.S. government standards applicable to

The Sensory and Motor Exams

By: OpenStaxCollege

Connections between the body and the CNS occur through the spinal cord. The cranial nerves connect the head and neck directly to the brain, but the spinal cord receives sensory input and sends motor commands out to the body through the spinal nerves. Whereas the brain develops into a complex series of nuclei and fiber tracts, the spinal cord remains relatively simple in its configuration ([link]). From the initial neural tube early in embryonic development, the spinal cord retains a tube-like structure with gray matter surrounding the small central canal and white matter on the surface in three columns. The dorsal, or posterior, horns of the gray matter are mainly devoted to sensory functions whereas the ventral, or anterior, and lateral horns are associated with motor functions. In the white matter, the dorsal column relays sensory information to the brain, and the anterior column is almost exclusively relaying motor commands to the ventral horn motor neurons. The lateral column, however, conveys both sensory and motor information between the spinal cord and brain.

Locations of Spinal Fiber Tracts

Sensory Modalities and Location

The general senses are distributed throughout the body, relying on nervous tissue incorporated into various organs. Somatic senses are incorporated mostly into the skin, muscles, or tendons, whereas the visceral senses come from nervous tissue incorporated into the majority of organs such as the heart or stomach. The somatic senses are those that usually make up the conscious perception of how the body interacts with the environment. The visceral senses are most often below the limit of conscious perception because they are involved in homeostatic regulation through the autonomic nervous system.

The sensory exam tests the somatic senses, meaning those that are consciously perceived. Testing of the senses begins with examining the regions known as dermatomes that connect to the cortical region where somatosensation is perceived in the postcentral gyrus. To test the sensory fields, a simple stimulus of the light touch of the soft end of a cotton-tipped applicator is applied at various locations on the skin. The spinal nerves, which contain sensory fibers with dendritic endings in the skin, connect with the skin in a topographically organized manner, illustrated as dermatomes ([link]). For example, the fibers of the eighth cervical nerve innervate the medial surface of the forearm and extend out to the fingers. In addition to testing perception at different positions on the skin, it is necessary to test sensory perception within the dermatome from distal to proximal locations in the appendages, or lateral to medial locations in the trunk. In testing the eighth cervical nerve, the patient would be asked if the touch of the cotton to the fingers or the medial forearm was perceptible, and whether there were any differences in the sensations.

Dermatomes: The surface of the skin can be divided into topographic regions that relate to the location of sensory endings in the skin based on the spinal nerve that contains those fibers. (credit: modification of work by Mikael Häggström)

Other modalities of somatosensation can be tested using a few simple tools. The perception of pain can be tested using the broken end of the cotton-tipped applicator. The perception of vibratory stimuli can be tested using an oscillating tuning fork placed against prominent bone features such as the distal head of the ulna on the medial aspect of the elbow. When the tuning fork is still, the metal against the skin can be perceived as a cold stimulus. Using the cotton tip of the applicator, or even just a fingertip, the perception of tactile movement can be assessed as the stimulus is drawn across the skin for approximately 2–3 cm. The patient would be asked in what direction the stimulus is moving. All of these tests are repeated in distal and proximal locations and for different dermatomes to assess the spatial specificity of perception. The sense of position and motion, proprioception, is tested by moving the fingers or toes and asking the patient if they sense the movement. If the distal locations are not perceived, the test is repeated at increasingly proximal joints.

The various stimuli used to test sensory input assess the function of the major ascending tracts of the spinal cord. The dorsal column pathway conveys fine touch, vibration, and proprioceptive information, whereas the spinothalamic pathway primarily conveys pain and temperature. Testing these stimuli provides information about whether these two major ascending pathways are functioning properly. Within the spinal cord, the two systems are segregated. The dorsal column information ascends ipsilateral to the source of the stimulus and decussates in the medulla, whereas the spinothalamic pathway decussates at ...

Chapter 2 ✦ Study Guide

Assessment Questions

You can find the answers to the following questions in Appendix A.

1. The goals of integrity do NOT include:
a. Accountability of responsible individuals
b. Prevention of the modification of information by unauthorized users
c. Prevention of the unauthorized or unintentional modification of information by authorized users
d. Preservation of internal and external consistency

2. Kerberos is an authentication scheme that can be used to implement:
a. Public key cryptography
b. Digital signatures
c. Hash functions
d. Single Sign-On (SSO)

3. The fundamental entity in a relational database is the:
a. Domain
b. Relation
c. Pointer
d. Cost

4. In a relational database, security is provided to the access of data through:
a. Candidate keys
b. Views
c. Joins
d. Attributes

5. In biometrics, a “one-to-one” search to verify an individual’s claim of an identity is called:
a. Audit trail review
b. Authentication
c. Accountability
d. Aggregation

6. Biometrics is used for identification in the physical controls and for authentication in the:
a. Detective controls
b. Preventive controls
c. Logical controls
d. Corrective controls

7. Referential integrity requires that for any foreign key attribute, the referenced relation must have:
a. A tuple with the same value for its primary key
b. A tuple with the same value for its secondary key
c. An attribute with the same value for its secondary key
d. An attribute with the same value for its other foreign key

8. A password that is the same for each logon is called a:
a. Dynamic password
b. Static password
c. Passphrase
d. One-time pad

9. Which one of the following is NOT an access attack?
a. Spoofing
b. Back door
c. Dictionary
d. Penetration test

10. An attack that uses a detailed listing of common passwords and words in general to gain unauthorized access to an information system is BEST described as:
a. Password guessing
b. Software exploitation
c. Dictionary attack
d. Spoofing

11. A statistical anomaly–based intrusion detection system:
a. Acquires data to establish a normal system operating profile
b. Refers to a database of known attack signatures
c. Will detect an attack that does not significantly change the system’s operating characteristics
d. Does not report an event that caused a momentary anomaly in the system

12. Which one of the following definitions BEST describes system scanning?
a. An attack that uses dial-up modems or asynchronous external connections to an information system in order to bypass information security control mechanisms.
b. An attack that is perpetrated by intercepting and saving old messages and then sending them later, impersonating one of the communicating parties.
c. Acquisition of information that is discarded by an individual or organization
d. A process used to collect information about a device or network to facilitate an attack on an information system

13. In which type of penetration test does the testing team have access to internal system code?
a. Closed box
b. Transparent box
c. Open box
d. Coding box

14. A standard data manipulation and relational database definition language is:
a. OOD
b. SQL
c. SLL
d. Script

15. An attack that can be perpetrated against a remote user’s callback access control is:
a. Call forwarding
b. A Trojan horse
c. A maintenance hook
d. Redialing

16. The definition of CHAP is:
a. Confidential Hash Authentication Protocol
b. Challenge Handshake Authentication Protocol
c. Challenge Handshake Approval Protocol
d. Confidential Handshake Approval Protocol

17. Using symmetric key cryptography, Kerberos authenticates clients to other entities

Chapter 3 ✦ Telecommunications and Network Security

TCP SYN (half open) scanning. TCP SYN scanning is often referred to as half-open scanning because, unlike TCP connect( ), a full TCP connection is never opened. The scan works by:

1. Sending a SYN packet to a target port.
2. If a SYN/ACK is received this indicates the port is listening.
3. The scanner then breaks the connection by sending an RST (reset) packet.
4. If an RST is received, this indicates the port is closed.

This is harder to trace because fewer sites log incomplete TCP connections, but some packet-filtering firewalls look for SYNs to restricted ports.

TCP SYN/ACK scan. TCP SYN/ACK is another way to determine if ports are open or closed. The TCP SYN/ACK scan works by:

• Scanner initially sends a SYN/ACK.
• If the port is closed, it assumes the SYN/ACK packet was a mistake and sends an RST.
• If the port is open, it ignores the SYN/ACK packet and drops it.

This is considered a stealth scan since it isn’t likely to be logged by the host being scanned, but many intrusion detection systems may catch it.

TCP FIN scanning. TCP FIN is a stealth scan that works like the TCP SYN/ACK scan.

• Scanner sends a FIN packet to a port.
• A closed port replies with an RST.
• An open port ignores the FIN packet.

One issue with this type of scanning is that TCP FIN can be used only to find listening ports on non-Windows machines or to identify Windows machines because Windows ports send an RST regardless of the state of the port.

TCP ftp proxy (bounce attack) scanning. TCP FTP proxy (bounce attack) scanning is a very stealthy scanning technique. It takes advantage of a weakness in proxy ftp connections. It works like this:

• The scanner connects to an FTP server and requests that the server initiate a data transfer process to a third system.
• The scanner uses the PORT FTP command to declare that the data transfer process is listening on the target box at a certain port number.

Part I ✦ Focused Review of the CISSP Ten Domains

• It then uses the LIST FTP command to try to list the current directory. The result is sent over the server data transfer process channel.
• If the transfer is successful, the target host is listening on the specified port.
• If the transfer is unsuccessful, a “425 Can’t build data connection: Connection refused” message is sent.

Some FTP servers disable the proxy feature to prevent TCP FTP proxy scanning.

IP fragments. Fragmenting IP packets is a variation on the other TCP scanning techniques. Instead of sending a single probe packet, the packet is broken into two or more packets and reassembled at the destination, thus bypassing the packet filters.

ICMP scanning (ping sweep). As ICMP doesn’t use ports, this is technically not a port scanning technique, but it should be mentioned. Using ICMP Echo requests, the scanner can perform what is known as a ping sweep. Scanned hosts will reply with an ICMP Echo reply indicating that they are alive, whereas no response may mean the target is down or nonexistent.

Determining the OS Type

Determining the type of OS is also an objective of scanning, as this will determine the type of attack to be launched.

Sometimes a target’s operating system details can be found very simply by examining its Telnet banners or its File Transfer Protocol (FTP) servers, after connecting to these services.

TCP/IP stack fingerprinting is another technique to identify the particular version of an operating system. Since OS and device vendors implement TCP/IP differently, these differences can help in determining the OS. Some of these differences include:

✦ Time To Live (TTL)
✦ Initial Window Size
✦ Don’t Fragment (DF) bit
✦ Type of Service (TOS)

Table 3-11 shows some common Time To Live values. Remember that the TTL will decrement each time the packet passes through a

Chapter 5 ✦ Security Architecture and Models

✦ Level 5
5.1 Improving Organizational Capability
5.2 Improving Process Effectiveness

The corresponding descriptions of the five levels are given as follows:*

✦ Level 1, “Performed Informally,” focuses on whether an organization or project performs a process that incorporates the BPs. A statement characterizing this level would be, “You have to do it before you can manage it.”
✦ Level 2, “Planned and Tracked,” focuses on project-level definition, planning, and performance issues. A statement characterizing this level would be, “Understand what’s happening on the project before defining organization-wide processes.”
✦ Level 3, “Well Defined,” focuses on disciplined tailoring from defined processes at the organization level. A statement characterizing this level would be, “Use the best of what you’ve learned from your projects to create organization-wide processes.”
✦ Level 4, “Quantitatively Controlled,” focuses on measurements being tied to the business goals of the organization. Although it is essential to begin collecting and using basic project measures early, measurement and use of data is not expected organization-wide until the higher levels have been achieved. Statements characterizing this level would be, “You can’t measure it until you know what ‘it’ is” and “Managing with measurement is only meaningful when you’re measuring the right things.”
✦ Level 5, “Continuously Improving,” gains leverage from all the management practice improvements seen in the earlier levels and then emphasizes the cultural shifts that will sustain the gains made. A statement characterizing this level would be, “A culture of continuous improvement requires a foundation of sound management practice, defined processes, and measurable goals.”

*Source: “The Systems Security Engineering Capability Maturity Model v2.0,” 1999.

Information Security Models

Models are used in information security to formalize security policies. These models might be abstract or intuitive and will provide a framework for the understanding of fundamental concepts. In this section, three types of models are described: access control models, integrity models, and information flow models.

ISSEP Access Control Models

Access control philosophies can be organized into models that define the major and different approaches to this issue. These models are the access matrix, the Take-Grant model, the Bell-LaPadula confidentiality model, and the state machine model.

The Access Matrix

The access matrix is a straightforward approach that provides access rights to subjects for objects. Access rights are of the type read, write, and execute. A subject is an active entity that is seeking rights to a resource or object. A subject can be a person, a program, or a process. An object is a passive entity, such as a file or a storage resource. In some cases, an item can be a subject in one context and an object in another. A typical access control matrix is shown in Figure 5-7.

The columns of the access matrix are called Access Control Lists (ACLs), and the rows are called capability lists. The access matrix model supports discretionary access control because the entries in the matrix are at the discretion of the individual(s) who have the authorization authority over the table. In the access control matrix, a subject’s capability can be defined by the triple (object, rights, and random #). Thus, the triple defines the rights that a subject has to an object along with a random number used to prevent a replay or spoofing of the triple’s source. This triple is similar to the Kerberos tickets previously discussed in Chapter 2.

Subject / Object    File Income    File Salaries    Process Deductions    Print Server A
Joe                 Read           Read/Write       Execute               Write
Jane

Chapter 8 ✦ Business Continuity Planning and Disaster Recovery Planning

Disaster Recovery Plan Software Tools

There are several vendors that distribute automated tools to create disaster recovery plans. These tools can improve productivity by providing formatted templates customized to the particular organization’s needs. Some vendors also offer specialized recovery software focused on a particular type of business or vertical market. A good source of links to various vendors is located at: www.intiss.com/intisslinks.

In this type of agreement, both parties agree to support each other in the case of a disruptive event. This arrangement is made on the assumption that each organization’s operations area will have the capacity to support the other’s in time of need. This is a big assumption.

There are clear advantages to this type of arrangement. It allows an organization to obtain a disaster-processing site at very little or no cost, thereby creating an alternate processing site even though a company may have very few financial resources to create one. Also, if the companies have very similar processing needs, that is, the same network operating system, the same data communications needs, or the same transaction processing procedures, this type of agreement may be workable.

This type of agreement has serious disadvantages, however, and really should be considered only if the organization has the perfect partner (a subsidiary, perhaps) and has no other alternative to disaster recovery (i.e., a solution would not exist otherwise). One disadvantage is that it is highly unlikely that each organization’s infrastructure will have the extra, unused capacity to enable full operational processing during the event. Also, as opposed to a hot or warm site, this type of arrangement severely limits the responsiveness and support available to the organization during an event and can be used only for short-term outage support.

The biggest flaw in this type of plan is obvious if we ask what happens when the disaster is large enough to affect both organizations. A major outage can easily disrupt both companies, thereby canceling any advantage that this agreement might provide. The capacity and logistical elements of this type of plan make it seriously limited.

Subscription Services

Another type of alternate processing scenario is presented by subscription services. In this scenario, third-party commercial services provide alternate backup and processing facilities. Subscription services are probably the most common of the alternate processing site implementations. They have very specific advantages and disadvantages, as we will see.

There are three basic forms of subscription services with some variations:

✦ Hot site
✦ Warm site
✦ Cold site

Hot Site

This is the Cadillac of disaster recovery alternate backup sites. A hot site is a fully configured computer facility with electrical power, heating, ventilation, and air conditioning (HVAC) and functioning file/print servers and workstations. The applications that are needed to sustain remote transaction processing are installed on the servers and workstations and are kept up-to-date to mirror the production system. Theoretically, personnel and/or operators should be able to walk in and, with a data restoration of modified files from the last backup, begin full operations in a very short time. If the site participates in remote journaling, that is, mirroring transaction processing with a high-speed data line to the hot site, even the backup time may be reduced or eliminated.

This type of site requires constant maintenance of the hardware, software, data, and applications to ensure that the site accurately mirrors the state of the production site. This adds administrative overhead and can be a strain ...

... to the palm of the hand? And what do you think the distance would be on the arm, or the shoulder?

The fingertips are the most sensitive skin on the hand, so the...

... upper motor neuron (UMN) and the lower motor neuron (LMN). Voluntary movements require these two cells to be active. The motor exam tests the function of these neurons and the...

... hemisection. The dorsal column will be intact ipsilateral to the source on the intact side and reach the brain for conscious perception. The trauma would be at the level

Date posted: 31/10/2017, 00:16

Table of contents

  • The Sensory and Motor Exams

  • Sensory Modalities and Location

  • Muscle Strength and Voluntary Movement

  • Reflexes

  • Comparison of Upper and Lower Motor Neuron Damage

  • Chapter Review

  • Interactive Link Questions

  • Review Questions

  • Critical Thinking Questions
