Friday, September 03, 2010

CISSP® Study Guide sample chapter posted

Elsevier posted a sample chapter from CISSP Study Guide. Chapter 4, Domain 3: Cryptography: http://www.elsevierdirect.com/samplechapters/9781597495639/02~Chapter_4.pdf

Here's a small section:

Digital Signatures

Digital signatures are used to cryptographically sign documents. Digital signatures provide nonrepudiation, which includes authentication of the identity of the signer, and proof of the document’s integrity (proving the document did not change). This means the sender cannot later deny (or repudiate) signing the document.

Roy wants to send a digitally signed email to Rick. Roy writes the email, which is the plaintext. He then uses the SHA-1 hash function to generate a hash value of the plaintext. He then creates the digital signature by encrypting the hash with his RSA private key. Figure 4.13 shows this process. Roy then attaches the signature to his plaintext email and hits send.

Figure 4.13, Creating a digital signature

Rick receives Roy’s email and generates his own SHA-1 hash value of the plaintext email. Rick then decrypts the digital signature with Roy’s RSA public key, recovering the SHA-1 hash Roy generated. Rick then compares his SHA-1 hash with Roy’s. Figure 4.14 shows this process.

Figure 4.14, Verifying a digital signature

If the two hashes match, Rick knows a number of things:

  1. Roy must have sent the email (only Roy knows his private key). This authenticates Roy as the sender.
  2. The email did not change. This proves the integrity of the email.

If the hashes match, Roy cannot later deny having signed the email. This is nonrepudiation. If the hashes do not match, Rick knows either Roy did not send it, or that the email’s integrity was violated.
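The Roy/Rick walkthrough above, carried through in code. This is an added example, not code from the study guide: it implements textbook RSA over a SHA-1 digest exactly as the chapter describes it (hash, "encrypt" the hash with the private key, "decrypt" with the public key and compare). The key generation, the 512-bit key size, the fixed seed and the absence of signature padding are simplifications assumed here to keep the arithmetic visible; production code uses a vetted library with PKCS#1 padding and larger keys.

```python
import hashlib
import random

# Added example (not from the CISSP Study Guide chapter): textbook RSA
# signing of a SHA-1 digest, following the Roy/Rick walkthrough.
# Key size (512 bits) and the lack of signature padding are assumed
# simplifications; real systems use PKCS#1 padding and larger keys.


def is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits, rng):
    """Draw odd candidates with the top bit set until one passes Miller-Rabin."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def generate_keypair(bits=512, seed=None):
    """Return ((n, d) private key, (n, e) public key).

    `seed` exists only so a demo is reproducible; never seed a real key."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p = random_prime(bits // 2, rng)
        q = random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    n = p * q
    d = pow(e, -1, phi)  # private exponent: e * d == 1 (mod phi)
    return (n, d), (n, e)


def sha1_as_int(message):
    """Step 1 of the walkthrough: hash the plaintext (SHA-1, as in the chapter)."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big")


def sign(message, private_key):
    """Step 2: 'encrypt' the hash with the private key; the result is the signature.
    The 160-bit digest is always smaller than the 512-bit modulus, so no padding
    is needed for the arithmetic to round-trip (it is still needed for security)."""
    n, d = private_key
    return pow(sha1_as_int(message), d, n)


def verify(message, signature, public_key):
    """Rick's side: recompute the hash, 'decrypt' the signature with the
    public key, and compare. A tampered message or a different signer
    makes the two hashes differ."""
    n, e = public_key
    recovered_hash = pow(signature, e, n)
    return recovered_hash == sha1_as_int(message)


if __name__ == "__main__":
    roy_private, roy_public = generate_keypair(seed=2010)  # constructed demo key
    email = b"Rick, the CISSP Study Guide sample chapter is up."  # constructed plaintext
    sig = sign(email, roy_private)
    print("valid signature :", verify(email, sig, roy_public))
    print("tampered email  :", verify(email + b" (edited)", sig, roy_public))
```

Running it prints `True` for the untouched email and `False` once a single character is appended, which is the "hashes do not match" branch of the text: Rick cannot tell whether the email was altered or signed by someone else, only that the signature does not check out.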

I took many of the photos from this chapter at the National Cryptologic Museum in Fort Meade, Maryland. I highly recommend this museum, for old and young cryptographers alike.

Tuesday, August 17, 2010

Ben Rothke Reviews The CISSP® Study Guide

Ben Rothke reviews the CISSP® Study Guide:

Quoting from Ben's review:
The common wisdom is to choose two study guides when preparing for the CISSP exam.  For those that are serious about passing, the CISSP Study Guide should be one of them.
https://365.rsaconference.com/blogs/securityreading/2010/08/17/cissp-study-guide

Monday, August 09, 2010

500 Free CISSP® Practice Questions

Syngress has posted 500 free CISSP® practice questions:

http://booksite.syngress.com/companion/conrad/

Two full CISSP® practice exams.  These questions were put together in support of the CISSP® Study Guide.

Friday, July 09, 2010

The CISSP® Study Guide has been sent to the printer!!!

The final PDFs for the Syngress CISSP® Study Guide were completed today, and sent to the printer!! It's due out next month. You can pre-order on Amazon.

Monday, May 24, 2010

Security 560 in Brisbane, Australia

I'm in Brisbane, Australia teaching Security 560: Network Penetration Testing and Ethical Hacking this week. Having an awesome time so far. It will take me a while to get used to saying "D M Zed."

Here's a link to my talk tonight: Look Out! Open Source Extrusion Detection

Monday, March 22, 2010

CISSP Study Guide due out August 6th

Just a quick note to say The CISSP Study Guide is due out on Syngress August 6th.  You can pre-order on Amazon. The Eleventh Hour CISSP is due out on August 29th.

Wednesday, November 18, 2009

Identifying Counterfeit Cisco Equipment

Waking Sleeping Dogs: Information Security Ethics, a paper I wrote for my SANS Technology Institute masters degree, has generated a lot of great comments and questions.

Many folks are asking how to identify counterfeit Cisco gear that may be in their environment. Continue reading for how we did it.

Our biggest counterfeit problem was with SFPs and GBICs. Our investigation showed we received them from a number of sources (all Cisco registered resellers), including a Cisco Gold partner.

We initially detected them due to shoddy packaging: labels that smear, cheap boxes, etc. The Cisco logo used was several generations old. Cisco is usually diligent on labeling: the serial number on the device matches the number on the bag (or box).

The counterfeit gear had a label/serial number on the device, but no serial number on the bag or box.

Once we investigated, there was a clear pattern on the counterfeit gear, regarding bogus serial numbers.

A legit SFP looks like this:

DECKARD-C3750-1#show idprom interface gigabitEthernet 1/0/1

General SFP Information
------------------------------
Identifier : 0x03
Connector : 0x07
Transceiver : 0x00 0x00 0x00 0x01 0x20 0x40 0x0C 0x01
Encoding : 0x01
BR_Nominal : 0x0C
Vendor Name : CISCO-FINISAR
Vendor Part Number : FTRJ-8519-7D-CSC
Vendor Revision : 0x00 0x00 0x00 0x00
Vendor Serial Number : FNS0827A12H

The key is the Vendor Serial Number line, which is in the standard Cisco format for SFPs: 3 letters, followed by 4 numbers, followed by 4 letters/numbers. The first 3 letters are the factory, the next 4 numbers are a date code, and the last 4 letters/numbers are a unique ID.

Here's a counterfeit SFP:

BATTY-C3750-1#show idprom interface gigabitEthernet 1/0/1

General SFP Information
------------------------------
Identifier : 0x03
Connector : 0x07
Transceiver : 0x00 0x00 0x00 0x01 0x20 0x40 0x0C 0x00
Encoding : 0x01
BR_Nominal : 0x0C
Vendor Name : CISCO-FINISAR
Vendor Part Number : FTRJ-8519-7D-CSC
Vendor Revision : 0x20 0x20 0x20 0x20
Vendor Serial Number : H11F797

Note the serial number 'H11F797' is not in the standard (longer) format. This is very typical, and how we identified hundreds of bogus SFPs that were in production. The initial letter changes (we saw some begin with H, and P).

Also, in retrospect, we realized the counterfeit devices had a far higher failure rate than real Cisco. We shipped the questionable SFPs to Cisco Brand Protection Labs, and they verified all were counterfeit.
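The serial number check described above, written out so it can be run over a batch of `show idprom` captures. This is an added example, not something from the post or from Cisco: it parses the key/value output shown above, tests the Vendor Serial Number against the layout the post gives (3 letters, 4 digits, 4 letters/digits), and lists the interfaces whose serial does not fit. The two captures from the post are the sample input. The date code is reported as a string only, since the post does not say how it is encoded; the interface names and the `audit` helper are assumptions made for the example.

```python
import re

# Added example (not from the post): flag SFPs whose Vendor Serial Number
# does not fit the genuine Cisco layout described in the post:
#   3 letters (factory) + 4 digits (date code) + 4 letters/digits (unique ID)
SERIAL_RE = re.compile(
    r"^(?P<factory>[A-Z]{3})(?P<date_code>\d{4})(?P<unique_id>[A-Z0-9]{4})$"
)


def parse_idprom(text):
    """Turn the key/value lines of 'show idprom interface ...' into a dict."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line or line.startswith("-"):
            continue  # headings, separators, the prompt line
        key, value = line.split(":", 1)
        fields[key.strip()] = value.strip()
    return fields


def check_serial(serial):
    """Report whether a serial matches the genuine format and, if so, its parts."""
    m = SERIAL_RE.match(serial)
    if m is None:
        return {"serial": serial, "format_ok": False}
    return {"serial": serial, "format_ok": True, **m.groupdict()}


def audit(idprom_outputs):
    """idprom_outputs maps a label (device + interface) to its idprom text.
    Returns the labels whose serial does not fit the genuine layout,
    including entries with no serial line at all."""
    suspects = []
    for label, text in idprom_outputs.items():
        serial = parse_idprom(text).get("Vendor Serial Number", "")
        if not check_serial(serial)["format_ok"]:
            suspects.append(label)
    return suspects


# Sample input: the two captures quoted in the post (labels are assumed).
SAMPLE_OUTPUTS = {
    "DECKARD-C3750-1 Gi1/0/1": """\
General SFP Information
------------------------------
Identifier : 0x03
Connector : 0x07
Transceiver : 0x00 0x00 0x00 0x01 0x20 0x40 0x0C 0x01
Encoding : 0x01
BR_Nominal : 0x0C
Vendor Name : CISCO-FINISAR
Vendor Part Number : FTRJ-8519-7D-CSC
Vendor Revision : 0x00 0x00 0x00 0x00
Vendor Serial Number : FNS0827A12H
""",
    "BATTY-C3750-1 Gi1/0/1": """\
General SFP Information
------------------------------
Identifier : 0x03
Connector : 0x07
Transceiver : 0x00 0x00 0x00 0x01 0x20 0x40 0x0C 0x00
Encoding : 0x01
BR_Nominal : 0x0C
Vendor Name : CISCO-FINISAR
Vendor Part Number : FTRJ-8519-7D-CSC
Vendor Revision : 0x20 0x20 0x20 0x20
Vendor Serial Number : H11F797
""",
}


if __name__ == "__main__":
    for label, text in SAMPLE_OUTPUTS.items():
        serial = parse_idprom(text).get("Vendor Serial Number", "")
        print(label, check_serial(serial))
    print("suspect:", audit(SAMPLE_OUTPUTS))
```

A format match only says the serial looks like a Cisco serial; as the post notes, the devices themselves were confirmed by Cisco Brand Protection Labs. The check is useful for the first pass over hundreds of ports, where a short or oddly shaped serial is the quickest thing to spot.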

Here's a photo of an SFP that appears to be counterfeit:



Note the serial number. This photo was taken from a reseller located in Asia. This SFP is priced at $20 on that site (a real SFP from a legitimate Cisco reseller lists for hundreds). That seller has plenty of other "Cisco" equipment for sale at equally impressive discounts compared to legit gear:
  • CISCO GBIC&SFP
  • CISCO MODULE
  • WIC CARD
  • NETWORK MODULE(NM)
  • VWIC CARD
  • VIC CARD
  • 1700 SERIES
  • 1800 SERIES
  • 2800 SERIES
  • 2950 SERIES
  • 2970 SERIES
  • 3560 SERIES
All of this stuff ends up in secondary channels like eBay. Some Cisco certified resellers get greedy, buy the counterfeit stuff for pennies on the dollar, and then resell it at a 'great discount.' All of this violates their Cisco reseller agreement, but greed seems to win the day.

We got ours for 50% off Cisco list. These parts listed for $500 then (they are less now). We got a bargain price of $250: for a $20 knockoff.