🎯 Purpose of Domain 3

This domain focuses on the foundational principles and practices needed to design, build, and maintain secure IT systems. It emphasizes how to integrate security throughout the system development life cycle, evaluate architectures, and apply technical controls across various environments — from traditional IT to cloud and emerging technologies.

Considering the domain depth, i have summarized the notes into two parts, and this is Part II. Happy Learning 1

🔐 3.6: Select and Determine Cryptographic Solutions

🎯 Objective

To enable security professionals to evaluate, select, and implement cryptographic tools that meet specific security objectives such as confidentiality, integrity, authentication, and non-repudiation. This includes understanding the entire cryptographic lifecycle, types of algorithms, PKI architecture, and preparing for post-quantum threats.

1️⃣ Cryptographic Lifecycle

Understanding the lifecycle of cryptographic assets is critical to ensure security throughout the creation, use, and disposal of cryptographic keys and algorithms.

🔄 Lifecycle Phases

🔐 Best Practices:

• Use dedicated KMS (Key Management Systems)
• Maintain key usage policies aligned with compliance (PCI-DSS, GDPR, HIPAA)

🧠 Example: An organization uses AWS KMS with automatic key rotation enabled every 12 months, enforcing compliance and reducing risk.

2️⃣ Cryptographic Methods

Selecting the right cryptographic method depends on your use case, performance constraints, and security goals.

🔐 Symmetric Cryptography

Definition: A single key is used for both encryption and decryption.

🔄 Pros:

• Fast and efficient
• Ideal for bulk data encryption

🚫 Cons:

• Key distribution problem — secure exchange is difficult

🔐 Asymmetric Cryptography

Definition: Uses a key pair — public key for encryption, private key for decryption (or signing and verification).

🔄 Pros:

• Solves key distribution problem
• Enables digital signatures

🚫 Cons:

• Slower than symmetric encryption
• Not suitable for large data encryption

🧠 Example: RSA encrypts the AES session key during HTTPS connection setup.

🔐 Elliptic Curve Cryptography (ECC)

Definition: A form of asymmetric cryptography offering comparable security with smaller key sizes.

🔄 Benefits:

• Lower power consumption
• Ideal for IoT, mobile, and embedded systems

🧠 Example: Apple Pay and Android Keystore use ECC for secure biometric transactions.

⚛️ Quantum Cryptography (Emerging)

Definition: Cryptographic methods resistant to quantum attacks or that leverage quantum principles.

A. Quantum Key Distribution (QKD)

• Uses quantum physics (e.g., photons) to share encryption keys.
• Detects eavesdropping automatically due to quantum state changes.

B. Post-Quantum Cryptography (PQC)

• Classical cryptographic systems resistant to quantum algorithms.
• Based on lattice-based, hash-based, or multivariate structures.

🧠 NIST PQC finalists (2024):

• Kyber – Public-key encryption/key encapsulation
• Dilithium – Digital signatures

🔮 CISSP Insight: Be aware of quantum threats to RSA, ECC, DH, and prepare for migration to PQC algorithms.

3️⃣ Public Key Infrastructure (PKI)

PKI enables the secure distribution and management of public keys using a trust model based on digital certificates.

🧱 PKI Components

🔐 PKI Use Cases:

• SSL/TLS – Secure websites and web applications
• S/MIME – Email encryption
• Code Signing – Software integrity assurance
• VPN Authentication – User/device access control
• Document Signing – Legal e-signatures

🧠 Example: A company uses Microsoft Active Directory Certificate Services (AD CS) to issue internal TLS certificates for VPN, Wi-Fi, and system authentication.

📊 Summary

🧠 3.7 – Understand Methods of Cryptanalytic Attacks

🎯 Objective

Cryptanalytic attacks aim to break or bypass cryptographic systems, not by brute-forcing the math alone, but by exploiting weaknesses in implementation, key management, ciphertext patterns, or user behavior.

🔐 1. Brute Force Attack

• Definition: An exhaustive method of trying every possible key until the correct one is found.
• Goal: Recover the encryption key or password.
• Example: A 128-bit AES key has 2¹²⁸ possibilities; impractical to brute-force without a vulnerability.
• Mitigations:
  • Use strong key lengths (e.g., 256-bit for AES).
  • Implement rate-limiting, lockouts after failed attempts.
  • Employ key derivation functions (KDFs) like PBKDF2, bcrypt.

🕵️ 2. Ciphertext-Only Attack

• Definition: The attacker has access to ciphertext only and tries to deduce plaintext or key.
• Goal: Infer original plaintext using statistical methods or known characteristics of the message.
• Example: Guessing encrypted email headers or file formats.
• Mitigations:
  • Use secure encryption algorithms with randomized IVs.
  • Avoid deterministic encryption.
  • Encrypt full message with padding.

🔍 3. Known Plaintext Attack (KPA)

• Definition: The attacker knows or can guess parts of the plaintext and its corresponding ciphertext.
• Goal: Use the known relationship to uncover the key or decrypt other ciphertexts.
• Example: Encrypted login page where the structure is known.
• Mitigations:
  • Add randomness (e.g., salt or IV).
  • Use block chaining modes like CBC or CTR.
  • Use authenticated encryption (e.g., AES-GCM).

📊 4. Frequency Analysis

• Definition: Examines the frequency of letters or symbols in the ciphertext to deduce the plaintext.
• Goal: Break substitution and classical ciphers by comparing frequency with known language patterns.
• Example: Cracking Caesar or monoalphabetic ciphers.
• Mitigations:
  • Use modern ciphers like AES that flatten frequency.
  • Avoid simple or manual encryption techniques.

🧬 5. Chosen Ciphertext Attack (CCA)

• Definition: The attacker chooses ciphertexts and obtains the corresponding decrypted plaintexts.
• Goal: Use this oracle access to learn information about the key or the plaintext.
• Example: Padding Oracle Attacks on CBC-mode ciphers.
• Mitigations:
  • Implement authenticated encryption (e.g., AES-GCM).
  • Avoid exposing decryption services or error messages.
  • Sanitize input/output of cryptographic services.

⚙️ 6. Implementation Attacks

These attacks target how cryptographic functions are implemented, not the algorithm itself.

a. Side-Channel Attack

• Definition: Exploits information leaked via hardware (e.g., power usage, electromagnetic leaks).
• Example: Analyzing CPU power usage during encryption to guess key bits.
• Mitigations:
  • Hardware shielding.
  • Power balancing and random delays.
  • Blinding techniques.

b. Fault Injection

• Definition: Inducing faults in hardware/software (e.g., voltage glitching) to alter encryption behavior.
• Example: Skipping verification steps or bypassing key checks.
• Mitigations:
  • Use fault-tolerant hardware.
  • Perform integrity checks and error correction.

c. Timing Attacks

• Definition: Measuring how long it takes for encryption or decryption to execute.
• Example: Guessing a password based on character-by-character comparison delays.
• Mitigations:
  • Use constant-time code for comparisons.
  • Avoid branching logic based on secrets.

🧑‍💻 7. Man-in-the-Middle (MITM) Attack

• Definition: An attacker intercepts communication between two parties to eavesdrop or modify messages.
• Example: Intercepting public key exchange during SSL handshake.
• Goal: Steal credentials, inject commands, or alter traffic.
• Mitigations:
  • Use mutual TLS authentication.
  • Implement certificate pinning and strong PKI validation.
  • Employ encrypted and integrity-checked protocols.

🧾 8. Pass-the-Hash Attack

• Definition: Attackers steal hashed credentials (usually NTLM) and reuse them to authenticate without cracking them.
• Example: Extracting NTLM hashes from Windows LSASS process and authenticating to another system.
• Mitigations:
  • Disable NTLM and use Kerberos.
  • Apply Credential Guard and LSASS protection.
  • Segment networks and restrict lateral movement.

🪪 9. Kerberos Exploitation

• Definition: Attacks against the Kerberos authentication protocol used in Active Directory environments.
• Examples:
  • Golden Ticket: Forge a TGT using the KRBTGT account key.
  • Pass-the-Ticket: Use a stolen Kerberos ticket to authenticate.
• Mitigations:
  • Protect the KRBTGT account and rotate keys.
  • Monitor ticket issuance and unusual logins.
  • Enforce short ticket lifetimes and multi-factor authentication.

🧨 10. Ransomware

• Definition: Malware that encrypts user files and demands payment (often in cryptocurrency) to release the decryption key.
• Example: WannaCry, Ryuk, LockBit attacks on hospitals, enterprises, and critical services.
• Goal: Extort money through encryption-based denial of access.
• Mitigations:
  • Maintain regular and offline backups.
  • Use endpoint detection & response (EDR).
  • Patch vulnerabilities and train users against phishing.

✅ Summary

🏢3.8 – Apply Security Principles to Site and Facility Design

🎯 Objective

This section emphasizes how physical environments are designed and secured to support information systems’ confidentiality, integrity, and availability (CIA). It involves strategic facility planning, defense-in-depth, and risk mitigation through architectural and environmental controls.

🧭 1. Site Selection and Location Considerations

a. Geographical and Environmental Risk

• Assess risks like floods, earthquakes, storms, or extreme weather.
• Avoid locations prone to:
  • Natural disasters (e.g., fault lines, flood plains)
  • Political unrest or terrorism-prone regions
• Example: Avoid data centers near coastal flood zones or active volcanoes.

b. Utility Support & Infrastructure Reliability

• Sites must have stable power, water, and communication lines.
• Ensure:
  • Multiple power feeds, UPS systems, and backup generators
  • Diverse ISP paths for internet
• Risk: A single point of utility failure can cause full outage.

c. Proximity Hazards

• Do not place facilities near:
  • Chemical factories, fuel storage, or nuclear sites
  • High-traffic transportation hubs (risk of accidents or EMP)
• Example: Avoid co-locating a server farm next to a fuel depot.

🛡️ 2. Physical Security Design (Layered Security / CPTED)

Adopt a defense-in-depth approach, also known as Concentric Ring Protection, which increases security as one moves inward.

a. Perimeter Security (Outer Layer)

• Fencing (minimum 7 feet, with anti-climb design)
• Barriers like bollards, gates, and berms
• Security lighting to discourage intruders
• Surveillance: PTZ (Pan-Tilt-Zoom) and infrared-enabled cameras

b. Exterior Controls (Mid Layer)

• Access checkpoints: turnstiles, guards, license plate recognition
• Vehicle access restrictions: crash-resistant gates or road spikes
• Use of mantraps and sally ports

c. Interior Security (Inner Layer)

• Badge systems with role-based access
• Biometric authentication for sensitive areas (e.g., retina, fingerprint)
• Lockable server racks, safes for critical hardware
• Security zoning (e.g., color-coded access zones)

🔐 3. Access Control Mechanisms

Physical access must follow least privilege and need-to-know principles.

• Multi-factor physical access:
  • Something you have: RFID badge
  • Something you are: Biometric data
  • Something you know: PIN
• Implement:
  • Smart locks, proximity card readers, biometric scanners
  • Air-gapped controls for high-security zones
• Logging & Monitoring:
  • Every access event must be logged
  • Integrate physical logs with SIEM platforms

🔥 4. Facility Safety, Fire, and Environmental Controls

a. Fire Detection and Suppression

• Detection:
  • Smoke detectors, flame detectors, heat sensors
• Suppression:
  • Wet-pipe: always full of water; fastest but risky for electronics
  • Dry-pipe: filled with compressed air until activated
  • Pre-action: two-step confirmation; ideal for server rooms
  • Gas-based: FM-200, CO₂ for data centers (non-water-based)

b. HVAC Controls

• Regulate temperature and humidity in equipment rooms
• Maintain positive pressure to prevent dust or contamination
• Redundancy is key (e.g., N+1 configuration)

c. Emergency Systems

• Marked and illuminated exit signs
• Backup lights and public announcement systems
• Fire doors with fail-safe or fail-secure mechanisms

🧑‍🤝‍🧑 5. Personnel Safety and Awareness

People are often the weakest link in physical security. Ensure:

• Security guards at strategic locations
• Visitor policies:
  • Visitor badges
  • Escort requirements
  • Log books or digital sign-in systems
• Staff training:
  • Physical security awareness
  • How to spot and report tailgating or social engineering

Note

• Tailgating = unauthorized person following an authorized individual.
• Piggybacking = authorized user knowingly allows another to enter.

🔁 6. Maintenance, Monitoring, and Response Planning

a. Monitoring Systems

• Integrate:
  • CCTV with live monitoring and recording
  • Motion detectors and magnetic door sensors
• Use Security Information and Event Management (SIEM) to correlate physical + logical access logs

b. Incident Preparedness

• Establish and rehearse:
  • Fire drills
  • Intrusion response plans
  • Evacuation protocols
• Integrate with Business Continuity and Disaster Recovery Plans (BCP/DRP)

c. Audits & Inspections

• Perform regular:
  • Physical security assessments
  • Policy compliance checks
  • Access rights reviews

🧰 7. Special Area Design Considerations

a. Server Room / Data Center

• Hardened walls (concrete, blast-resistant)
• Limited entry points with airlock doors or mantraps
• Shielding (e.g., Faraday cages) for TEMPEST protection
• Environment controls: precise humidity/temperature

b. Public / Reception Areas

• Secure desk with panic alarms
• Controlled visitor movement
• Partitioned access so guests can’t reach secure zones

c. Shipping and Loading Areas

• Segregate loading docks from internal secure zones
• Install surveillance and package inspection systems
• Use interlocked access (one door must close before another opens)

✅ Summary

🏢3.9 – Design Site and Facility Security Controls

🎯 Objective

Effective facility security design involves protecting all critical components—from wiring closets to data centers—by addressing physical, environmental, and operational threats. This includes prevention, detection, response, and recovery controls for all layers of a facility.

🔌 1. Wiring Closets / Intermediate Distribution Facilities (IDFs)

Purpose: Houses the network and telecommunications cabling infrastructure, including patch panels, switches, and routers.

Security Controls:

• Controlled Access: Secure with locks, keycards, or biometrics. Only authorized personnel allowed.
• No Signage: Do not label or publicly identify these areas to avoid targeting.
• Tamper Protection: Alarms and CCTV to detect unauthorized access.
• Environmental Controls: Ventilation or cooling to prevent heat buildup.
• Physical Security: Keep equipment in locked racks or cabinets.

🖥️ 2. Server Rooms / Data Centers

Purpose: Centralized facility that hosts servers, storage systems, and networking infrastructure.

Security Controls:

• Perimeter Hardening: Construct with reinforced concrete and limited entry points.
• Access Control: Use dual-factor authentication (badge + biometrics) and mantraps.
• Environmental Monitoring: Track temperature, humidity, and airflow for equipment protection.
• Fire Suppression: Use inert gas systems like FM-200 or pre-action sprinklers.
• Video Surveillance: Real-time monitoring with motion-triggered recording.
• Power Redundancy: UPS, diesel generators, dual feeds, and battery backups.
• Cabling Management: Raised flooring or ceiling trays for power and network separation.

💾 3. Media Storage Facilities

Purpose: Secure storage for backup tapes, removable drives, and archival data (often long-term retention).

Security Controls:

• Access Restrictions: Limit access based on job function. Require logging of all entries.
• Fireproof and Waterproof Safes: Protect physical media from environmental threats.
• Environmental Controls: Maintain stable temperature and humidity to prevent degradation.
• Inventory Management: Label, track, and audit all media using barcodes or RFID.
• Data Encryption: Ensure stored media is encrypted to prevent unauthorized disclosure.
• Offsite Replication: Store backups in geographically separate secure facilities or via cloud.

📁 4. Evidence Storage

Purpose: Preserve physical or digital evidence for legal, forensic, or audit use, ensuring integrity and admissibility.

Security Controls:

• Chain of Custody Documentation: Track who accessed, when, and why.
• Restricted Access: Entry allowed only for designated security or forensic staff.
• Tamper-Evident Storage: Use sealed, labeled containers or bags with audit trails.
• Digital Evidence Handling: Store hashes for integrity; limit write access; maintain logs.
• Video Surveillance: Monitor room with continuous recording and alert on unauthorized access.

🧑‍💼 5. Restricted and Work Area Security

Purpose: Secure zones where sensitive operations occur, such as executive suites, research labs, or operations centers.

Security Controls:

• Physical Barriers: Walls, locked doors, and turnstiles separating restricted areas.
• Role-Based Access: Enforce least privilege physically—access only for those with a job need.
• Surveillance: Monitor entries/exits and detect loitering or tailgating.
• Workstation Security: Use screen privacy filters, cable locks, and disable ports where possible.
• Escort Requirements: Non-employees or visitors must be accompanied at all times.
• Proximity Restrictions: Prevent wireless signals from leaking outside sensitive areas (e.g., Faraday shielding).

🌬️ 6. Utilities and HVAC

Purpose: Ensure uninterrupted power, cooling, and ventilation for the facility and IT equipment.

Security Controls:

• Redundant HVAC Systems: Ensure uptime using N+1 or 2N redundancy models.
• Secure Utility Access Points: Protect cable entry, water lines, and gas lines from sabotage or tampering.
• Tamper-Proof Equipment Rooms: Restrict access to utility rooms, power converters, HVAC panels.
• Power Filtering: Use surge protectors and voltage regulators to maintain stable power.
• Monitoring and Alerts: Automate alerts for HVAC failures, power surges, or anomalies.

🌍 7. Environmental Issues

a. Natural Disasters

Considerations:

• Site selection should avoid high-risk zones (flood plains, seismic zones).
• Elevate critical systems above flood levels.
• Install seismic bracing for racks in earthquake zones.

Mitigations:

• Disaster recovery planning.
• Use waterproof/fireproof building materials.
• Install drainage and lightning arrest systems.

b. Man-Made Threats

Considerations:

• Risk of explosions, chemical leaks, riots, or sabotage near industrial zones or military bases.

Mitigations:

• Use blast-resistant windows, barriers, and buffer zones.
• Monitor surroundings with external surveillance.
• Create stand-off distances to protect against vehicle-borne threats.

🔥 8. Fire Prevention, Detection, and Suppression

Fire Prevention:

• Maintain clean, clutter-free environments with limited flammable materials.
• Avoid overloading circuits and ensure proper electrical grounding.

Fire Detection:

• Use multi-sensor detectors: smoke, flame, and heat.
• Integrate with facility-wide alarm systems and automatic alerts to emergency response teams.

Fire Suppression:

• Choose system based on environment:
  • Wet-Pipe: Always filled with water, quick response, but risky for electronics.
  • Dry-Pipe: Water held back until fire confirmed.
  • Pre-Action: Requires two triggers; safe for data centers.
  • Clean Agent: FM-200, CO₂, or Inergen; no residue and safe for electronics.
• Install manual extinguishers (ABC class for mixed environments).

⚡ 9. Power (Redundant and Backup Systems)

Purpose: Maintain availability of systems during power disruptions or failures.

Security Controls:

• Uninterruptible Power Supply (UPS):
  • Provides short-term power during outages or generator switchover.
  • Also stabilizes voltage.
• Backup Generators:
  • Diesel, natural gas, or battery-powered systems for extended outages.
  • Regularly tested and fueled.
• Automatic Transfer Switches (ATS):
  • Seamlessly switches from utility to backup power.
• Power Distribution Units (PDUs):
  • Monitored and segmented to isolate faults.
• Dual Power Feeds:
  • From separate utility sources to eliminate single points of failure.
• Power Monitoring:
  • Smart grid integration and real-time alerting for anomalies or failures.

✅ Summary

🔄 3.10 – Manage the Information System Lifecycle

🎯 Objective

Managing the information system (IS) lifecycle means overseeing the secure planning, design, development, use, maintenance, and eventual disposal of IT systems. Security must be integrated at every phase to ensure confidentiality, integrity, and availability (CIA).

🔹 1. Stakeholder Needs and Requirements

Objective

Identify what the system must achieve based on input from all parties affected by or responsible for the system.

Key Actions

• Engage stakeholders (users, management, compliance, IT, legal).
• Define business goals, security expectations, and compliance needs.
• Translate high-level objectives into security requirements (e.g., confidentiality, auditability).

CISSP Relevance

Failure to involve stakeholders early often results in missed security goals or non-compliance later.

🔹 2. Requirements Analysis

Objective

Convert stakeholder input into specific, measurable system and security requirements.

Key Actions

• Identify functional and non-functional requirements (performance, scalability, security).
• Perform risk assessments and define security controls needed (e.g., encryption, access control).
• Align with regulatory or industry frameworks (HIPAA, ISO 27001, etc.).

CISSP Relevance

Ensure that security is a built-in requirement, not an afterthought. This phase forms the foundation for control selection.

🔹 3. Architectural Design

Objective

Create a system architecture that addresses all security and operational requirements.

Key Actions

• Design logical and physical system components (networks, apps, databases).
• Choose trust boundaries, zones, and segmentation strategies.
• Plan for redundancy, fault tolerance, and security layering (defense in depth).
• Incorporate secure-by-design and privacy-by-design principles.

CISSP Relevance

Design choices affect security posture permanently. Mistakes at this phase are costly to fix later.

🔹 4. Development / Implementation

Objective

Build and configure system components according to the approved design.

Key Actions

• Use secure coding practices (OWASP, SANS).
• Implement configuration baselines and hardened images.
• Track changes with version control and change management systems.
• Conduct unit testing and code reviews to catch vulnerabilities early.

CISSP Relevance

This phase directly introduces systems to potential threats. Flawed implementation undermines design security.

🔹 5. Integration

Objective

Bring all subsystems together and ensure they interact securely and correctly.

Key Actions

• Validate API security, inter-process communication, and data flow integrity.
• Ensure authentication, authorization, and encryption are consistent across modules.
• Validate that security controls work end-to-end across combined components.

CISSP Relevance

Integration can introduce new vulnerabilities if individual systems were developed in isolation.

🔹 6. Verification and Validation (V&V)

Objective

Confirm the system meets design specifications and security requirements.

Key Actions

• Perform security testing (e.g., vulnerability scans, penetration tests, code audits).
• Run functional testing to ensure proper behavior under expected conditions.
• Validate compliance with regulatory mandates and internal policies.
• Conduct user acceptance testing (UAT), including secure usage scenarios.

CISSP Relevance

Final chance to identify and fix flaws before deployment. Missed issues become live threats.

🔹 7. Transition / Deployment

Objective

Move the system from testing into production securely and smoothly.

Key Actions

• Follow a controlled change and release management process.
• Perform a go-live readiness review, including rollback plans.
• Ensure security monitoring is in place from day one.
• Provide user training and documentation, including security best practices.

CISSP Relevance

A poorly managed transition may expose the system during handoff or create downtime security risks.

🔹 8. Operations and Maintenance / Sustainment

Objective

Maintain the system in a secure, functional, and updated state.

Key Actions

• Monitor logs, alerts, and usage for anomalies (via SIEM/SOC).
• Apply patches, hotfixes, and firmware updates regularly.
• Enforce configuration management and access reviews.
• Conduct periodic vulnerability assessments and audits.
• Ensure incident response procedures are active and tested.

CISSP Relevance

The longest lifecycle phase. Systems in production require continuous security vigilance.

🔹 9. Retirement / Disposal

Objective

Decommission the system securely without leaving residual risk.

Key Actions

• Back up and archive necessary data according to retention policies.
• Perform data sanitization: wiping, degaussing, or physical destruction.
• Revoke system access, credentials, and authentication tokens.
• Document the retirement and confirm system is no longer active in any environment.

CISSP Relevance

Improper disposal is a major source of data breaches (e.g., disks sold without sanitization).

🧠 Lifecycle Flow Summary

✅ Closing Summary

🧱 Core Concepts

• Secure Design Principles: Least privilege, defense in depth, fail-safe defaults.
• Security Models: Bell-LaPadula (confidentiality), Biba (integrity), Clark-Wilson (commercial integrity).
• System Architecture: Understand and secure OS, hardware, firmware, cloud, and embedded systems.
• Cryptography: Apply crypto lifecycle, symmetric/asymmetric methods, hashing, and PKI.
• Cryptanalytic Attacks: Recognize brute force, side-channel, MITM, ransomware, Kerberos exploits.
• Facility Security: Design layered physical controls for server rooms, media storage, HVAC, power.
• Lifecycle Management: Embed security across all phases—from planning to retirement.

🧠 Key Takeaways

📌 Final Thought

Domain 3 bridges theoretical security (models, crypto) with practical implementation (system architecture, facility control, lifecycle security). Mastery here means thinking like a designer, defender, and assessor—all at once.