CCT 008: Manage Engineering Secure Design (CISSP Domain 3)

cissp domain 3 Feb 20, 2023
CISSP Cyber Training
CCT 008: Manage Engineering Secure Design (CISSP Domain 3)

Shon Gerber from provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge in cybersecurity from being a Red Team Squadron Commander; Chief Information Security Officer (CISO); and Adjunct Professor providing superior training from his years of experience in educating people in cybersecurity. 

In this episode, Shon will talk about the following items that are included within Domain 3 (Security Architecture and Engineering) of the CISSP Exam:

·         CISSP / Cybersecurity Integration – Trusted Computing Base (TCB)

·         CISSP Training –  Manage Engineering Processes Using Secure Design

·         CISSP Exam Question – CIA / TPM

BTW - Get access to all my Training Courses here at:

Want to find Shon Gerber / CISSP Cyber Training elsewhere on the internet?

LinkedIn – -

Facebook -



Gain access to 30 FREE CISSP Exam Questions each and every month by going to and sign-up to join the team for Free. 



[00:00:00] Hey all, this is Shon Gerber. Thanks for listening today. But before we get started, I have some great news for my listening audience. I'm getting ready to launch my brand new site, cissp cyber, here on March 1st, 2023, and it is going to be, Awesome. There is a new website being developed right now and it will make your journey so much easier to get the information you need to help you pass the CISSP exam. 

As a result, I'll be offering a one time never to return price, get it a one time never return price for my membership. That's going to be incredibly valuable to anyone who signs up. I will only be offering this extremely valuable pricing. One time, that's it, not anymore. So if you're planning on taking the the CISSP exam in 2023, this will be the time to make a life and career altering decision for you and your family. 

So [00:01:00] stay tuned. You will not be sorry that you did. All right, let's get started. Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Shon Gerber and I'm your host for this action packed informative podcast. 

Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. Alright, let's get started. Let's go. Hey y'all. Shon Gerber again with Reduced Cyber Risk and I hope you're all having a beautiful day today. It's a gorgeous day here in Wichita, Kansas. 

It's, it's just couldn't ask for anything better, so it's a. Awesome day in in Wichita, Kansas. Well, today we have some great things that we're gonna be happening in the CISSP training field, and we're gonna be talking today on our CISSP. It's security integration is gonna be around trusted computing base, otherwise known as the T C B. 

Our overall training gonna [00:02:00] be on domain two, and we're gonna be talking around managing engineering processes using secure design. And then finally the C I SS P exam question is gonna be focusing on the CIA triangle and tpm. Trusted platform module, I think is what it was. Yeah, tpm, I think that's what it's, there's too many acronyms. 

Can't keep track of 'em all, but we'll get into that here in just a little bit. But before we do, I wanted to get quick, put a quick shout out about my CSSP training courses that are available for your [email protected], and you can catch those up at Udemy. You also can go to reduce cyber 

Dash training and you can get access to the Udemy courses that I have available. I have put out there. All of the CISSP courses. Domains one through eight are all available for you to go get at Udemy. And as you well know, Udemy's Bargain Basement prices are. Actually pretty incredible. I mean, it's just, it's amazing what they offer from a pricing standpoint. 

But the cool part about all [00:03:00] that is I will put updates to those on a routine basis. Each of those domains will be updated on a weekly basis based on the content that's put out. So it is a great place for you to go get your CISs P training to help you augment your studying for the CISs P exam. So go check it [email protected] or at reduce cyber 

All right, let's get going. Okay. In the CISSP cybersecurity integration, we are gonna be talking about 3.2 fundamental concepts of security models. Now, how does this work? Well, basically what I end up doing is I take the ISC Square training manual that they put out, uh, that goes over what you need to understand for the CISSP from ISC squared, and I break it down into the different chapters and sub domains that they have. 

And so what I've done is out of 3.2, which basically focuses on the fundamental concepts of security models. These are the key aspects and data that you're gonna need to understand for the CISSP exam [00:04:00] and the, the key concepts, the key understandings, and we, we will go over all of that with you here on reduced cyber risk. 

Now, one of the key points to consider is that this is the foundation. Of creating secure code and when you're dealing with, when you're trying to come up with, and I have a development team that works for me. So I deal with this on a routine basis as we're relating to developing development of code for my, my team, and for to protect our company. 

And this includes operating systems. And associated security mechanisms. So it doesn't necessarily mean just the code that would go into a potential cms. It also means the operating system code, which would be in, let's just say xp, which is really, really old, but people still do it. Or Windows 2008 server or whatever it might be. 

Yeah, it's SQL server, whatever. The bottom line is is that the operating system itself needs to have the, the level of security put into the actual development. Of the code, but this also be a be bees. That's a really good word. It also becomes around the hardware, the physical locations, [00:05:00] the network hardware, software, and the prescribed procedures. 

You need to really include secure coding in all that you do. Now there's some key provisions you need to follow. Access, authorization of resources, user authentication, and the backup of the data. So there's some key concepts, and when it comes into the provisions, it's who has access, how do they have access, who has the correct authorizations for those specific resources, whether it's even an an individual account or it's potentially a service account, something that's accessing it. 

To just run the system, user authentication, and then also how do you back up the data and how is that data secured? All of those key pieces are fundamental in when you're dealing with the, uh, concepts around security models. Now, T c b, the, the history around this is, this came from a gentleman by the name of John Rush. 

B bye B. Depends how you sound it and how you sound it. They say it, they call me Shon or Shon. Yeah, but see, my, my first name is sh Shon. [00:06:00] See? Uh, it's just, I love it. It's just great. My parents said that to me. Hey, by the way, if you're a parent, don't do that to your children. Just, just don't do it. Just say no. 

Just don't call him moonbeam or something like that. Just say like, call him Bill or Fred. Those are always good names. Yeah, those, those are good names. All right, so I'm sorry. A little bit bitter. My pre friends, my friends call me Enrique, so if you don't, if you don't know, you can call me Enrique. But basically, John, rush me defined T C B as a combination of a colonel and trusted processes. 

Now, what does this actually mean? This isn't kernel like a kernel of corn that you would get and you would grow out in your field or in your. Plot of land, but this is a kernel that's tied to the hardware and then the software. These are trusted processes that run, uh, a level of software that runs as a trusted process within with on the kernel. 

Now, these are designed to be very, very small in size. And, and so therefore, as they're small inside, they can't be very big, right? Hence small in sizes. But they also have to be lightweight and be able to run very quickly and efficiently. And these are a set of controls that are designed to work together to form [00:07:00] a trusted base, a a base code to enforce a security policy. 

On that kernel. Now, we talked about the orange, the different books that are available. I think we talked about that last week, but the Rainbow Series, and it's the NSA version of that and what, what they have, the different green, the blue orange books and so forth. Well, the Orange book is a part of the Rainbow Series, and it defines the T C B as this. 

It's a. Total. The totality of protection mechanisms within it include hardware, firmware, and software. The combination of which is responsible for enforcing a computer security policy. Again, the policies are, they're not like a, a policy that you would make to go create a law. I mean, they kind of are, but they're not. 

It's basically the rules set up to, to govern how. Security is in place, put in place on a specific system. So those are the the policies, and you'll deal with policies in security policies that are within your company as a CISSP, or as a cybersecurity professional, you may end up putting some level of policies in [00:08:00] place. 

And these are a written document that specify how things need to be taken care of. So there's those kind of policies as well. Now the Orange Book defines that the boundaries of the TCB depends significantly on the definition of the security policy. Hence, that's what defines where they can get access and where they can't get access. 

So as an example, we'll use a web server. Now this is a multi-user application, right? Web servers. Lots of people log into 'em. Lots of people use 'em from admins that log into 'em, to the fact that there's just people, gobs of people hitting 'em from all over the world. The it is not. Part of the OSS T C B. 

Okay, so the web server itself is not part of that. Now. It provides access controls and preventative individuals from usurping other people's rights. So you can't be a squatter, go in there and kick somebody out. It. There are various access controls in place to prevent that from occurring. Now, a breach of the application, so of the web server application, whatever that might be, whatever you're using would be, would not constitute the [00:09:00] breach. 

Of the OSS tcb. So it's the layer above the TCB above, above the overall OS itself. So if you beat, if you blow up the application, you get access to it and you are God on the application, you do not necessarily have access to the OSS T C B. 

So as a TCB software protection, the Orange Book book speaks of a TCB needing to be protected against tampering. Duh. Right? You don't want someone to get access to that. Cause if they get access to your trusted computing base, they game over. They own it all. Okay? Cause that's kind of a problem, right? If you own the foundation, then you own everything that's. 

Tied to the foundation and the TCB must prevent its own software from being written too. Now they, they have the memory management unit. You might have been hearing about this as in some of the trainings you've learned and some of the, the readings you've done is an mmu. Okay. Now, in a previous life, an MMU was used for as a mass measurement unit. 

I used it when I used to fly a seven. I didn't fly those. I [00:10:00] actually worked on them. Uh, a seven COR airs. That just shows how old I am. I'm like dirt old. But these mmus. That's too digress. They used to work in the navigation, but the memory management units on a computer adds protections to protect your T c b. 

Now it's programmable by the operating system, so it allows, denies and allows, denies access to specific ranges of systems memory requiring to be run so that it, it actually abides it. It will provide a. Capability or it'll remove the capability depending upon what's gonna occur. And then of course there's gotta be God mode, but this is supervisor mode, which allows for and restricts this access. 

So the supervisor mode allows you to do that with the operating system. So again, the TCB software has a lot of protections in place just to protect it from knuckleheads like myself that would go poke around and get into areas I probably should not be getting into. Okay, that is the T C B software protection and we are T C B I should say. 

And so we are going to move [00:11:00] on to the CISSP training. Okay. So as we're dealing with CISSP domain three, security, architecture, and engineering, the topic de Azure is going to be implement and manage engineering processes using secure design. All right, so we talked about the T C B in from a Wikipedia concept. 

Now we're gonna talk about what some more things that would be detailed out in the CISSP. So we talked about as far as the T C B and how it's considered at all stages of system development. It's how important it is that you need to consider its use. Programmers should also strive for secure development, and this is when you come down to developing from a firmware. 

To the OS model. The OS all the way up to the application. You should strive for secure development and this would be, you'll see terms out there. I've heard 'em, I've seen 'em just as S D L C, which is just basically software development lifecycle and security is kind of weaved in there. I've also seen S S D L C, which is your secure software [00:12:00] development life cycle. 

So, It, it kind of goes hand in hand. I would say that the security, when you're calling that out specifically, obviously that defines security more than being just, uh, software. However, if you're gonna be doing sdlc, one of the questions I ask any potential new, uh, developer is how do they in interweave security within the sdlc? 

Cuz they'll throw out that as a big buzzword going software development lifecycle, you need to do it, or I do it right now and I'm pretty awesome and. Then what I ask is I ask, okay, so how do you do that from a security standpoint? I mean, do you, do you incorporate some level of security within your SD l c? 

So something there to consider, and, and so therefore when you talk about this stuff, it's, it's important that there are some key cons, security items for security design that you need to consider. Now we're gonna get into objects and subjects. So an object is a resource used by a subject, which would also be a computer system. 

So your object could be a computer system, a [00:13:00] divine system that you are gonna be working on. Subjects are user or processors requesting access, such as an individual or an rpa, which would be your robot process algorithm. Okay? Those are RPAs and so that those are different things that are put in place. 

They're object in your subject. Now there's a trust. These trusts are set up between objects and subjects. So as an example, you would have service accounts, that would be a user, okay? And then you have an r and d computer, which would be an object. And these service accounts have access to this object, and therefore they can manipulate and go back and forth. 

However, the bad guys, the hackers, the attackers, they will then manipulate this trust between the objects and the subjects. So therefore, it's important that you have. Proper protections in place to minimize the attackers from getting 'em now living in a previous life, uh, a service account, I've talked about this before on reduced cyber risk, is that it is the granddaddy dog that you want to, they want to go after. 

Typically, service accounts are set [00:14:00] up that they're 24 by seven. They have very limited protections. Passwords probably don't change a whole lot, and so therefore, they are the ones that are used to manipulate other objects and to just take advantage of them. So, The, again, if you're C I S P and you're studying for this, this is the key and this is what separates reduce cyber risk from a lot of other people that are teaching CISSP. 

We've got gobs of experience on this stuff, and we've seen a little bit of it now, believe me, I know I got a lot more to learn, tons more to learn, but that those things are definitely liver leveraged. And so just understanding the test and passing the test is with the first P piece of this, but ongoing and understanding how these accounts are leveraged. 

Yeah, that's, that's the ongoing aspect that you gotta be aware of. Now there's closed in open systems. Uh, a closed system is designed to work with a very narrow range. Okay? So it's just designed in a certain area. Again, I've dealt with this in the past from a military technology standpoint. Those were closed systems and they're defined typically by the manufacturer. 

So let's say you have a. Stealth fighter [00:15:00] and you have a specific system that needs to be working on that steal stealth fighter, they will have that as a closed system. It's not updates, all that stuff. It doesn't reach out to the internet and, Hey, I'm gonna go to update. You know, it doesn't do any of that. 

You, you have very close parameters on how the updates occur. They are sent specifically to individuals to. Update themselves. They're, they're trying to avoid as many inputs from the outside. That would be random, and that could potentially add to a vector into the, the system itself. Again. So these are defined by the manufacturer. 

They can be more secure. They really can't sort of, now what I mean by that is the fact that because they are a closed system, they are segregated away. The downside of that is, and you see this even when the manufacturing space, when you have a manufacturing system that is separated such as using the Purdue model, what'll happen is, is in many cases these systems that are maybe blocked off by firewalls do not get updated as routinely as they potentially should. 

So therefore they are, uh, a bit more susceptible to vulnerabilities. And [00:16:00] so that's why it's important that I say sort of. Uh, you, you need to make sure that you, if you do have a closed system within your environment, you do make sure that you do update it as much as you possibly can. Now open systems. 

These are agreed upon an industry standard, and these are much easier to integrate with other systems, ie. Because they're have a standard and they're updated on a routine basis. We used to call this cots, which is uh, what I used to, they think they still do. It's cot. Comment off the shelf software and systems. 

I can't guess what this, the acronyms stood for. Basically it's stuff you could go buy off the shelf and shove it in a plane. Cots is a, is an important aspect. Now, the problem with cots was it was not as tested as these, uh, the systems that are defined specifically for a, an aircraft or for the military, but they are getting more and more integrated within the. 

Military system as well. There, there are more options to these networks as far as being an open system, but they are less secure and as they are less secure. You have to be aware of that. So again, [00:17:00] an example of that would be a computer, a current computer system that you can get. You can go buy a new laptop, desktop. 

Um, desktops are really kind of hard to get ready anymore, but I mean, you can buy 'em obviously, but they're not nearly as prolific as they used to be. But you go get these new current computer systems and they are built to a standard. They integrate well with others. They play well with others, and, but yeah, they don't really have the, they've run the risk of being a little less secure because they have so many bells and whistles that have to be in place. 

Now techniques to maintain confidentiality, integrity, and availability, we're gonna get into confinement. Okay? So this is various techniques that are created by software developers and any of the following can be used outside of software development. It doesn't have to be specifically in the software development world, but it's where we're talking about right now. 

But bottom line is confinement. So what does that mean? It restricts user. Yes. That makes sense. The word says confine, restrict. Restrict for users and process asset access or actions to a [00:18:00] program. It also allows a process to read right from specific locations. So it re, it confines it to what it can do, where it can read. 

It defines who can access it, what programs can access it. So again, it confines the, the restriction. It puts restrictions on it. A sandbox is a place to restrict where you can operate again. Now, this is also a place where cats go poo, but we're not talking about that sandbox. We're talking about a different sandbox. 

This is one where they, you place, uh, restrictions on where you can operate. You can play in, it's a, it's a place you can play and beef. Protected from the bad guys out there outside of the sandbox. That's, that's the purpose of it. But you must meet and operate with a higher level of security in the sandbox. 

Now, I've seen it with other companies, I've FireEye. Many others will do this. They will have a sandbox in place where a piece of malware will come in. It'll go dumped into the sandbox, and it'll be run to see if it implodes. If it doesn't implode, then it will be moved on. Now the bad guys have figured out how to get around that. 

Obviously, they just put timers on things and so forth so that when it blows it up in the sandbox, hey, it works. No big [00:19:00] deal. And then it moves it on, and then it blows up and does bad things. But the, the sandbox is a place where you can, things can go nasty and you don't care, except for when their cats go in there and use it as a litter box, that's usually not so good. 

Anyway, but moving on. Example is only specified systems can operate against a specific database. Any system outside the scope are not allowed. So again, if you're a very specific system, it can operate on that database. It can operate in the sandbox, but nobody else is out, is allowed out inside the sandbox. 

That is not supposed to be there, no children from other places. Now bounds in process isolation. What does this mean? Well, bounds are defined process that are given authority to operate. They can be many or few. So again, the processes that are in place, you define these bounds right now, obviously more is not necessarily better. 

Especially as you're dealing with the kernel and other things. But one of the aspects around this is the uni user, the kernel and the administrator. These are specific process that are given access and [00:20:00] authority to operate, but you have to create these bounds to, to define what they can and cannot do. 

The operating system, memory and hardware, these are process that would be defined, bounds defined, right? The operating system. This system can use, or this user can use this memory. This one can, this one can do it in hardware. Typically, the kernel can do it in almost all those places should be able to do it in all those places so that those are aspects that you're gonna have to, that will be defined for you in most, in most situations. 

Now, an example, Malware will utilize errors in these bound settings and then it will go and start mucking with stuff. An example would be kernel manipulation. So if your bounds are not set correctly to get to deal with the kernel, and you have users that can get access to the kernel, then it will go and flag it will. 

They'll be able to mess with it. And if they mess with it and they mess with the kernel, as we talked about in tcb, they will own everything. Now the, the key around all that though is, is that if you have a product such as edr, which would be endpoint detection and response or recovery response, [00:21:00] that would noti it would notarize, that's not really a good word. 

It would utilize the, or understand if someone was to manipulate the kernel and then, Trigger on that. So again, that's why these, these endpoint detection products are really, really valuable. Now, process oscillation, this ensures that only affected specific memory locations or, or only specific memory Locations are affected and it's essential part of a stable system. 

If you don't get into process isolation, what'll happen is, is then all these processes are running all kinds of goofy stuff, and then it'll crash and cause you all kinds of issues. Now, it also prevents applications from accessing memory from other locations, cut, paste, copy. All of these will be allowed to transition, and so therefore, it's important that as you're dealing with process isolation, that you, you do make this. 

Peace. Very limited. As an example, you got cut, paste, and copy. Those are processes that would be isolated. If you don't do that, then you can use these functions to many other ways and, and hackers can utilize them outside of their [00:22:00] parameters and then that would be bad. And they will try that. They try everything. 

And then another way would be macros. They can run outside of defined parameters, and then you get all kinds of manipulation occurring of these macros with bi hackers or attackers that are causing effects to your environment. Okay, that's all I have for CI S'S P training. Let's get into those exam questions. 

All right. C I S P exam Questions Domain three. All right, so this question is going to be talking a little bit about confidentiality, integrity, and availability. All right, so Fred recently received an email from Bill. So Bill got an email from Fred saying, Hey, you're awesome. I like you, you're you like me. 

Yeah, we're good. Let's go out and have, do some fishing and go have barbecue. No, that's not what he said, but that's what I just ad-libbed. Now, Fred recently received an email from Bill in his inbox. What goal would need to be achieved to ensure Fred. That the email is legitimate and it has not been spoofed. 

We got confidentiality, non-repudiation, integrity, [00:23:00] availability, or one of those? 3, 4, 5. One of the four. Okay. A, B, C, or D. So A is confidentiality, B is non-repudiation, C is integrity. D is availability. The answer is, B, non-repudiation does not allow the sender to transmit or a message and then to deny that it was sent by them. 

So that's B And so, yeah, I, I kind of fibb to you guys. It wasn't about cia, it was actually about non-repudiation, so. Gotcha. Bottom line though, is non repu. Repudiation is the goal, so you wanna be able to be able to repudiate. So if someone says, it wasn't me, I didn't do it, that's repudiation. So non-repudiation would be the negative of that. 

That does not allow the center to transmit the message and then deny it was them. And so that's what you also wanna do from maintaining your systems, is you want to have the availability for non-repudiation from a hacker. Hence you have logs that are taught locked down that people can't get access to. 

You want to have the ability to, to basically be able to restrict people from getting access to systems that they can't get ac, they don't need to get [00:24:00] access to. Now quite next question. What is the following as it relates to the trusted platform module? Which of these, as it relates to them is true? A, the T P M installed within hardware is much slower than the software variant B. 

The T P M does not store the crypto keys for the system. C, the TPM is responsible for storing and processing the crypto keys for the system, and can be in software and hardware systems. D, all of the above. All of the above. Okay. And the answer is, Siggy, the TPM sole purpose is considered the trusted source within the computing system, and will store and process cryptographic security keys, full disk encryption, will store the encryption keys in this location. 

Now, I didn't go over this in the tpm, but it does do that. The trusted platform module will go over and deal with the. Encryption and crypto keys, and it will store them for you. So [00:25:00] that is, we'll talk about that in another domain or another podcast, but it's basically, that is the domain, uh, of domain three. 

You would be dealing with the tpm. So again, the TPM is responsible for storing and processing the crypto keys of four system and can be in software and hardware systems, hardware like firewalls and switches and stuff like that. Okay, software like your software. Ah, thanks so much for joining me today on my podcast. 

If you like what you heard, please leave a review on iTunes, as I would greatly appreciate your feedback. Also, check out my videos that are on YouTube. Just head to my channel CISSP Cyber Training and you will find a plethora of content to help you pass the CISSP exam the first time. Lastly, head to CISSPs cyber and look for the free stuff that is only available to our email subscribers. 

Thanks again for listening.[00:26:00]  

CISSP Cyber Training Academy Program!

Are you an ambitious Cybersecurity or IT professional who wants to take your career to a whole new level by achieving the CISSP Certification? 

Let CISSP Cyber Training help you pass the CISSP Test the first time!