CISSP Cyber Training Podcast - CISSP Training Program
Join Shon Gerber on his weekly CISSP Cyber Training podcast, where his extensive 23-year background in cybersecurity shines through. With a rich history spanning corporate sectors, government roles, and academic positions, Shon imparts the essential insights and advice necessary to conquer the CISSP exam. His expertise is not just theoretical; as a CISSP credential holder since 2009, Shon translates his deep understanding into actionable training. Each episode is packed with invaluable security strategies and tips that you can implement right away, giving you an edge in the cybersecurity realm. Tune in and take the reins of your cybersecurity journey—let’s ride into excellence together! 🚀
CISSP Cyber Training Podcast - CISSP Training Program
CCT 269: CISSP Rapid Review Exam Prep - Domain 3 (Part 1)
Check us out at: https://www.cisspcybertraining.com/
Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout
Get access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouv
We begin by exploring foundational security principles that drive effective system design. Threat modeling emerges as a proactive approach for identifying vulnerabilities before implementation, while least privilege ensures users have only the access they absolutely need. Defense in depth creates those crucial security layers that prevent single points of failure from becoming catastrophic breaches. The podcast clarifies how secure defaults and fail-secure mechanisms ensure systems remain protected even during unexpected circumstances.
The security models section demystifies complex concepts like Bell-LaPadula (no read up, no write down) and Biba (no read down, no write up), providing clear distinctions between these often-confused frameworks. You'll gain clarity on when and why each model applies to different security priorities—whether confidentiality in Bell-LaPadula or integrity in Biba. Other essential models covered include Clark-Wilson, Brewer-Nash (Chinese Wall), and State Machine models.
Memory protection emerges as a crucial technical component, with explanations of buffer overflows, dangling pointers, and other vulnerabilities that can compromise system integrity. The practical countermeasures discussed—Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), and secure coding practices—provide actionable knowledge for preventing memory-based attacks.
The episode also highlights the NSA's recent release of "Elite Wolf," a repository of signatures and analytics for operational technology networks. This timely information underscores the growing importance of securing industrial control systems, which have historically received less security attention despite their critical nature.
Whether you're preparing for the CISSP exam or looking to strengthen your security architecture knowledge, this episode provides the structured approach and key concepts you need. Ready to master the most heavily weighted domain on the CISSP exam? Visit CISSP Cyber Training for additional resources, practice questions, and comprehensive exam preparation materials.
Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. All right, let's get started. Let's go.
Speaker 2:Cybersecurity knowledge All right, let's get started. Hey, I'm Sean Gerber with CISSP Cyber Training and today's podcast. We're going to be focused on domain three of my CISSP Rapid Review exam prep. That's the goal is to provide you the tools you need to pass the CISSP exam the first time and this exam prep. It walks you through step by step of what are the things you need to know for each sub domain it's on domain 3.1.2 and so forth and the ultimate goal is to give you that information that you can, so you can pass a test. Now this is going to be part one of two parts, and the reason is because it's quite long and, as we get into the overall question breakdown, per domain domain three has around is around 30% of all the questions will come out of that from a security, architecture and engineering standpoint. Now, again, if you can go and get all kinds of free content out there on the web to help you pass the CISSP and I highly encourage it However, you can go to CISSP cyber training and have all of it curated in one spot. I have a ton of free stuff that's available and more that keeps coming. All of my rapid review stuff is out there as well as all of my CISSP questions. So go and check it out. There's tons of stuff. There's also paid stuff that's there. But just go check it out, see what you think, what you like, and then we can go from there.
Speaker 2:But let's just talk about before we get into the overall content from Domain 3, let's just talk about some stuff that we've seen in the news today. So, as in the CISSP, cyber Training, I would like the last podcast. We talked a little bit about OT and the industrial control environment. We're going to have just a little bit of a path down that way, just a little bit right. So we kind of bounce around a little bit on some of the areas within controls and cybersecurity.
Speaker 2:But one piece that just came out of an article that was passed to me by one of my friends at Nextpeak was around the NSA releasing a repository of signatures and analytics for OT. Now the interesting part on all this is this is in a GitHub library and it gives you different detection signatures and analytics for the overall OT networks. This is known as Elite Wolf and it helps defenders with critical infrastructure and defending the industrial base. So this is great stuff coming out of the NSA to give you some signatures to put into your SIMs to ensure that you can help protect your OT environments. This continues to be an attractive target by a lot of outside entities, and I've been saying this for years. The OT space is laggard behind in many ways around the protections and security, and there's a lot of different reasons for it, but when it comes right down to it, these will be a target in the future. One, because it can impact people's lives. Two, the amount of money that's spent on the OT space is not equate to the amount of money that's spent in other areas within cybersecurity, and so they're an easy target, and so I highly recommend that, if you are a cybersecurity professional in the OT world, go out and get as many resources as you can to understand the operational technology and industrial control environments. This is Elite Wolf. Again, go check it out with the NSA. You can go. They have a press release, but if you just Google NSA and Central Security Service and then type in Elite Wolf, you can now get that access on GitHub. Go check it out. I really recommend you do it and get some more information around what is out there for you. Okay, so let's get started about what we're going to talk about today with domain three. Okay, so this is domain 3.1, and these are some of the key things you're going to have to keep in mind when you're studying for the exam.
Speaker 2:So, threat modeling. What is threat modeling? This is where it identifies and prioritizes potential security threats and vulnerabilities and you use this model to kind of help you build out what controls would you put in place. And this integrates security into the very early stages of the system development lifecycle. So if you're building out a system, you want to do a threat model on what are the potential aspects that somebody could target your organization through that system. So you're just basically you're taking the system that's there and you're pulling it apart to figure out how could people use it and abuse it in a way that could basically gain access to your company Least privilege. This is where users and processes are granted only the minimum necessary access rights to perform their duties. Again, this is the bare minimum they need to perform their duties and you don't want to provide more access than they should have. And this is a problem with a lot of companies they will give too much access. This does reduce the potential impact for compromise by limiting the attacker's reach and minimizing what they can do.
Speaker 2:Defense in depth this implements multiple, overlapping security controls to protect the various assets within your organization and this is where you layer your defenses. It's not just one flat network, it's actually layered in different ways so that if they get through one layer, they still have another layer to go. It's the overall castle and moat kind of thought process. Now this aims to create resilient security posture where failure of one control does not lead to a breach. And again, that's the moat concept, where failure of one control does not lead to a breach. And again, that's the moat concept.
Speaker 2:Now, secure defaults this is where product systems and applications are configured to be secure, coming right out of the box. So when you pull them out of the box and you plug them in, they work and they're secure. That's where a secure default is set up. This also minimizes the attack surface by requiring you to have explicit action and to reduce the overall security, which means if you want to go turn security off, you have to physically go in and manually do that. The system doesn't come with open all on. It comes with more or less and this is a bit of an exaggeration but all closed and you then go in and you will modify the defaults to allow you the access you need for these systems.
Speaker 2:Continuing with 3.1, this is fail securely. In the event of a system or security control failure, the system defaults to a secure or more restrictive state. Again, this helps to avoid data exposure during potentially unexpected issues that may pop up. But it's the goal is that when it fails because it will it will fail in a secure format. It won't allow data to leave the organization. It won't provide data back to somebody who might be trying to sniff for data. It is failing secure Separation of duties.
Speaker 2:This divides into critical or sensitive tasks among multiple individuals to prevent fraud or error and we've talked about this in recent podcasts as well that you have separation of duties, especially for your money movers, and this is where no single person can complete the entire high-end risk process alone. And that just means if you're going to move money, then there has to be two-factor control, and this would be like, say, you're launching nuclear missiles, you would have two people with the keys turning them at the same time. Because, again, you want no one person to have that capability. You want to keep it simple. So what does this mean? This is where simplicity in design and implementation are so important.
Speaker 2:I cannot stress this enough, especially myself. I make this mistake a lot. What do I do? I want to geek out. I want to add a lot of cool stuff to it. Simple is better. My software developers that used to work for me. I keep trying to tell them simple is better. And all the extra features? All they do is they potentially add risk. That doesn't mean you add them, you don't add them in, but you have to have a good plan to do that. Complex systems are often harder to secure, manage and understand, leading to more vulnerabilities and higher risk. It doesn't mean you don't do it. It just means you have to take a good thought process and approach Always verify.
Speaker 2:Now, this again assumes no user device or network segment is inherently trustworthy, which it's not. I like to go with TNO trust no one. Or even if you kind of go back to what Ronald Reagan shows how old I am, it's trust but verify. The whole point of it is is in this fact with zero trust is you never trust, you always verify, and this requires strict identity verification, dry device authentication and authorization for each access attempt. Zero trust. I'm torn on this. I think it's a great thing, and I agree that zero trust is an important factor in all businesses. However, if you already have a network that's built and you're not Greenfield and you're not building it from scratch, that can be very challenging, and so you need to kind of consider what is it going to work? Now, when you're dealing with the Department of Defense, there's a lot about zero trust. So if you're getting into the contractor space for them, you need to really plan out with your CMMC certifications and understanding, what does it take to become zero trust?
Speaker 2:Continuing with domain 3.1, privacy by design this integrates privacy protection into the design and architecture of it systems and business practices from the beginning. It embeds privacy safeguards rather than adding them as an afterthought. Many times it is added as an afterthought. So you have to develop. When you're creating a product, you think about privacy at the beginning, not at the end. This happens a lot, especially when you deal with m&A type activities with security, where someone will buy a company and then they go oh yeah, we got to think about security, I don't know what we're going to do, yeah, so you've got to plan for it at the beginning.
Speaker 2:Trust but verify. We talked about that a little bit again with the zero trust. But you need to have a level of trust must be established. Continuous monitoring, aud, continuous monitoring, auditing and validation are still performed. Again, not all networks will be zero trust, so you need to trust but verify everything and this ensures that security policies and expected behaviors are consistently maintained. That's again you, just you have to plan for all of this shared responsibility.
Speaker 2:This is the distinct security obligations between cloud service providers, the csps, and its customers the cloud service provider, the CSPs, and its customers. The cloud service provider will secure the cloud itself from an infrastructure, but the customer secures the cloud in it, basically in the cloud. So what it comes down to is, as you build out the cloud, you'll have a service provider may provide that for you the shell, the bones. You, as the person who is using their service, may come in and then secure the inside, the guts of it. Again, it depends upon what kind of product you're buying and what you're using it for. But typically, if you're buying something that's already pre-established from an infrastructure standpoint, they would take care of the security of that. When you go in and then you configure the applications that are inside the cloud, that would be on you. But, depending upon how you provision it, you could be securing both the infrastructure and the overall applications themselves. So you need to make sure that you understand the responsibility. Who has the responsibility for the infrastructure? Who has responsibility for the application? Who has responsibility for the data? Okay, moving on to domain 3.2.
Speaker 2:We're dealing with understanding the fundamentals and concepts of the various security models. So we have the state machine model. Okay, so the state machine model defines a system in terms of states and transitions between those states, so not us country states or us states. It is the state of the system. The system is considered secure if it is all reachable states are secure states and all transitions maintain your security. So it's just basically that is. Their model is that you must have the states and transitions between those between going from one to the other is secure.
Speaker 2:Now the information flow model. This focuses on how information moves from the system and prevents unauthorized flow between security levels. If you have a security level here and a security level there, you have two different ones and they are different in what they are protecting. The data that moves from systems to systems must be authorized and in many cases you would not have data moving from one system to the next because you want to ensure that the data that stays in one system maintains security and the other one is secure in itself.
Speaker 2:A good example of this is you have top secret and secret systems. Information from a secret to a top secret system isn't automatic. They is it's basically you. If you were going to move data out of a top secret into a secret so that's basically taking them out you would have a process by which you would declassify or you would reduce the classification of one system to another. So it's there has to be a good protection between both of those specific instances non-interference model. This ensures that actions are performed at one security level, do not influence or provide information about the actions at a higher or different security level. Again, it basically you don't want one to give you inputs on the other and it ultimately what it don't want one to give you inputs on the other. And ultimately what it means is it means that the inputs from the high security subjects should not affect outputs observable by low security subjects. We did this in the military a lot, where you would have I would get unclassified information and I would be able to build a classified picture because I had enough unclassified information, I could actually understand what they're trying to accomplish from a larger standpoint.
Speaker 2:Now take grant model this is a discretionary access control model that represents as a graph, this is where subjects and objects are nodes and the rights are the edges. So basically it defines rules to take, grant, create, remove. All of those are rights that can be transferred or created. And that is the take or grant model. Access control matrix this is a fundamental concept that represents permissions in a table format. So you might have rows will be subjects, columns represent objects and in there they will indicate who has access to what, what systems have access to certain kinds of data, and that is just basically the access control matrix. All of these will determine what is indicated within the cells which will allow access rights.
Speaker 2:Now the Bellaputa model. This focuses on confidentiality and preventing unauthorized disclosure of information. It basically enforces a no read up and a no write down. So the point of it is is that it's a security process where you cannot read up into a higher classified system and you cannot write down, from a security standpoint as well. The Biba model this primarily focuses on integrity and preventing unauthorized modifications of information. It enforces a no read down model, simply, and then it has a no write up policy. So if you think about it that way, the Bell Laputa is no read up, the Biba is no read down, they're the opposites on that end. And then the same goes for the write down and no write up.
Speaker 2:Clark-wilson model this integrity model designed for commercial environments, emphasizing on well-formed transactions and separation of duties, and the point of it is is that they use constrained data items, or CDIs, and unconstrained data items UDIs, with transformational procedures to ensure you have data integrity. And the bottom line on this is that it's designed so that you well-formed transactions between different entities and there are separation of duties included within it. The Brewer Nash model this is the Chinese wall model. It's designed to prevent conflicts of interest, particularly in the financial or legal sectors, and it's subject to access information on one data set with the conflict of interest class, but cannot access any other data sets with the same class. The guggen messenger model this focuses on the integrity by defining a predefined access rules and well-formed transactions. It ensures that only authorized operations can change the state of the system and it obviously maintains the integrity of that system.
Speaker 2:The Sutherland model this is an integrity model that focuses on preventing inference. And Sutherland model. It's an integrity model that focuses on preventing inference or derivation of unauthorized information. It aims to prevent systems from reaching an insecure state by controlling how dependencies between the objects are managed. The Graham-Denny model this is a foundational model for representing and analyzing protection systems. It defines a set of basic rights such as create, delete, read, write, grant and transfer. Then there's the Harrison-Russo-Ullman model, hru model this is for access control matrix that analyze the safety problem, determine if a subject can ever gain an unauthorized right to an object. It does have theoretical limits deciding which system can reach an insecure state.
Speaker 2:Domain 3.3, security controls based upon security requirements. So common criteria this is an international standard, basically around evaluating security properties of IT products and systems, and it does provide a structured methodology for specifically analyzing security functional requirements, or SFRs, and security assurance requirements. You will see common criteria in many different forms when you are working within the security space. Authorization to operate, or ATO this is a declaration by the designated approval authority, so you'll be an individual within your organization that an information system is approved to operate in a specific environment. This is one that's more used in highly regulated environments. It's granted after comprehensive security assessment and confirms the system can meet acceptable risk levels. And again, more in the financial sector or in areas that are highly regulated.
Speaker 2:Common control authorization this refers to security controls that are inherent by multiple information systems or applications within an organization. These controls are typically managed and accessed once. Regarding the redundant efforts across various other systems. Common control authorization this refers to security controls that are inherited by multiple information systems or applications within an organization. These controls are typically managed and assessed once, reducing the redundant efforts across these systems. So there's just basically, they're inherited from various applications to others. Authorization to use often is used in conjunction with the ATO right, so your ATO will say, yes, you can do it, and this is specifically granting individual users or groups permissions to access and utilize systems that has received an ATO, an authorization to operate. It focuses on user level access and also the documentation that goes with that. Denial of authorization occurs when a system or component fails to meet the required security posture or risk tolerance during an assessment, and this indicates when the system cannot be deployed or operated until identified security deficiencies are remediated.
Speaker 2:Domain 3.4, understand the security capabilities of information systems, and this includes TPMs encryption and decryption Memory protection mechanisms that prevent processes from accessing memory areas not allocated to them. It's crucial for preventing unauthorized access, code injection and system crashes. You want to make sure that your memory that's inside your systems are protected from potential hacks or just the fact that they're not properly set up and therefore they have too much. If something happens to them, they can crash and cause data loss. Memory vulnerabilities you include buffer overflow, which is writing more data to a buffer than it can hold. Dangling pointer or use after free this is accessing memory after it's been deallocated. Again, you may run into some issues where you get bad memory and then it causes more issues with your systems. Memory leaks these are failure to release memory that is no longer needed, leading for performance degradation and potential system instability. And then race conditions this is where multiple processes are accessing and modifying a shared memory concurrently and leading to unexpected results.
Speaker 2:Virtualization this allows multiple virtual machines to run on a single physical host. Hypervisors. They manage and isolate virtual memory and they also are vulnerabilities in the hypervisor that can impact all VMs. If you take over one hypervisor, you can potentially take over many VMs. The hypervisor is where everything sits. Trusted platform module this is a secure crypto processor on the motherboard and it stores cryptographic keys and performs integrity checks. We talked about TPM in various countries and the importance of having TPM enabled. It's used for secure boot processes, verifies the integrity and system memory and loaded components before the operating system startup.
Speaker 2:Memory of interfaces, the hardware and the software components that allow the CPU and other devices to read from and write to memory. This is a secure design of these interfaces to ensure that they don't allow unauthorized access or manipulation of the data, so you need to make sure any data going in and coming out is not being affected. Fault tolerance this is the ability for a system to continue operating without interruption in the event of a component failure. This includes memory through achieving through ECC, which is error correcting code, which will correct the issues that you may find, raid for storage or redundant memory modules. Again, you want to build in and you probably not, you're not doing this, but the systems that you buy you want to have some level of built-in fault tolerance related to data control, encryption and decryption. Obviously, encryption is protecting the data at rest in memory and data in use by making it unreadable because of the fact that it has a key. Unless you have the decryption key. The decryption is a process of converting the encryption back to its original readable form and state. It is used to protect sensitive information from being read if the memory is potentially compromised. Overall, that's what you want to do by doing this entire process.
Speaker 2:Encryption and decryption is an important part of all security programs. Memory protection best practices. You have secure coding. This implements practices like input validation, which is minimizing what inputs can be put into a box, a line item in your memory or in your web form, or whatever it might be. Bounce checking to prevent buffer overflows. And then you have data execution prevention, or DEP, or no execute bit and X this is marking memory regions as non-executable to prevent any sort of malicious code from running in those specific areas. Address Space Layout Randomization, or ASLR this is randomizing memory addresses of key data areas to make it harder for attackers to predict locations of exploits. And then memory-safe languages this is using programming languages that inherently prevent common memory errors. Regular patching obviously is an important part in maintaining your memory protection best practices. Again, keeping operating systems and applications updated helps fix or address issues you may run into with these various systems. So, again, secure coding, data execution prevention, address space layout, randomization, memory, safe languages and regular patching. You'll see more about DEP and ASLR, especially on the CISP.
Speaker 2:Thanks so much for joining me today. This was part one of Domain 3's Rapid Review. You can expect next week or the next episode will be part two of Domain 3's Rapid Review. You can get all of this content at CISSP Cyber Training. Head on over there. You get access to all of my podcasts. You can get access to over 1,500 CISSP questions. There's all kinds of content that's available for you at CISSP Cyber Training Tons.
Speaker 2:If you really want to get the CISSP and you want to learn it, it will walk you through step by step by step on what you need to know to pass the exam. So head on over to CISSP Cyber Training. Thanks so much again for joining me. Have a wonderful day and we will catch you on the flip side, see ya. Thanks so much for joining me today on my podcast. If you like what you heard, please leave a review on iTunes, as I would greatly appreciate your feedback. Also, check out my videos that are on YouTube and just head to my channel at CISSP Cyber Training and you will find a plethora or a cornucopia of content to help you pass the CISSP exam the first time. Lastly, head to CISSP Cyber Training and sign up for 360 free CISSP questions to help you in your CISSP journey. Thanks again for listening.
