Great serie! 👍💪
Thanks! 😉
This is one of the best series to add to your toolbox while you study. Thank you for the time and effort put into this series. I will recommend it to everyone who chooses to obtain this certification.
Thanks! Hope your exam went well! 👍
5:50 Cross-over Error Rate
6:33 OAuth Methods/Standards
8:59 AAA Protocols
10:16 Identity & Access Provisioning Lifecycle
10:51 Authorization Mechanisms - implicit deny, access control matrix, Capability Table (different from ACLs - focusing on subjects), constrained interface, content-dependent control, context-dependent control
13:33 Authorization Mechanisms: 3 principles on the basis of which access is granted - Need to know, least privilege, Separation of duties & responsibilities
15:37 Access Control Models - Discretionary, Role-Based, Rule-based, Attribute-based(more flexible than rule-based model), Mandatory (lattice-based)
18:23 Access Control - provide CIA reference and enforce it
preventive, deterrent, detective, administrative, logical/technical, physical, corrective, compensative, directive, recovery
24:14 Risk - asset valuation, threat modeling, vulnerability analysis
25:12 Access Control Attacks - dictionary attacks, brute force, spoofed logon screen, sniffer attack, spoofing attacks, social engineering, phishing (spear phishing, whaling, vishing)
29:35 Access Aggregation attack
30:28 Preventing Access Control Attacks - password policies, security end points
31:25 Other attacks - Tempest, White noise
32:07 Active Directory: preventive measure for theft - RFID, Barcoding, Inventory; Kerberos can be compromised with Replay attacks; in the past there was a similar one called Hash attack.
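The authorization mechanisms listed at 10:51 (access control matrix, ACL versus capability table, implicit deny, context-dependent control) are easy to confuse on the exam because they are all views of the same underlying data. The following is an added example, not code from the video or from the commenter, using a constructed matrix with invented subjects and objects; the business-hours window is an assumption chosen for illustration.

```python
"""Access control matrix viewed two ways (ACL per object, capability table
per subject), with implicit deny and a context-dependent rule.
Added example with constructed sample data; not from the original page."""
from datetime import datetime, time

# Constructed access control matrix: subject -> object -> set of permissions.
# Rows are subjects (capability view), columns are objects (ACL view).
ACCESS_MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "hr_policy.pdf": {"read"}},
    "bob":   {"hr_policy.pdf": {"read"}},
    "carol": {"payroll.db": {"read"}},
}

def acl_for(obj):
    """ACL view: one object, listing which subjects may do what to it."""
    return {subj: set(perms[obj]) for subj, perms in ACCESS_MATRIX.items() if obj in perms}

def capability_table_for(subject):
    """Capability view: one subject, listing the objects it may act on and how."""
    return {obj: set(perms) for obj, perms in ACCESS_MATRIX.get(subject, {}).items()}

def is_permitted(subject, obj, action):
    """Implicit deny: unknown subjects, objects or actions are refused
    because nothing was explicitly granted."""
    return action in ACCESS_MATRIX.get(subject, {}).get(obj, set())

# Assumed business-hours window used by the context-dependent rule below.
BUSINESS_HOURS = (time(8, 0), time(18, 0))

def is_permitted_in_context(subject, obj, action, now: datetime):
    """Context-dependent control: the matrix must grant the action, and a
    write to payroll.db is additionally restricted to business hours.
    (Content-dependent control would instead look at the data itself.)"""
    if not is_permitted(subject, obj, action):
        return False
    if action == "write" and obj == "payroll.db":
        start, end = BUSINESS_HOURS
        return start <= now.time() < end
    return True

if __name__ == "__main__":
    print("ACL for payroll.db:", acl_for("payroll.db"))
    print("Capabilities of bob:", capability_table_for("bob"))
    print("dave read payroll.db:", is_permitted("dave", "payroll.db", "read"))
    print("alice write payroll.db at 22:00:",
          is_permitted_in_context("alice", "payroll.db", "write", datetime(2024, 1, 1, 22, 0)))
```

The same dictionary answers both "who can touch this object" (ACL) and "what can this subject touch" (capability table); the exam distinction is only which axis you index first. Every lookup falls through to an empty set, which is what implicit deny means in practice.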
I just passed my CISSP exam !!! Thanks for all the videos, they were very helpful to my success.
Glad to hear that. Congrats Olatunde! 👍🏆🎉
Thanks.
You start from the end of the chapter and then go up to the beginning.
Made more sense to me to talk concepts before talking about attacks on them. 😉
On diameter, you probably use it every day without knowing. 4G uses heavily diameter for the core network communication e.g. for mobility info in S6a interface.
Indeed, and in fact, I call out Diameter in the "what's new in 2021" installment when talking about cellular 👍
@@InsideCloudAndSecurity Have not reached that video yet, coming closer... I really like the videos, they get to the key points of each domain.
Possible correction? I've been watching your videos in succession up to this one (domain 5) and must say, very well done. My issue with this one is when you start giving your examples beginning at around 19:30. Some of the examples given don't seem to correspond to the description.... such as Physical, which you've defined as a barrier to prevent direct contact. How does an alarm (a siren on the outside of a building) prevent direct contact to a system or portion of a facility? Deterrence sure, barrier no. How does a motion detector or light for that matter? A video camera, either recording or not recording, does not stop me from touching or accessing anything. While these may be tools to alert someone of an intruder, or record happenings, they are not physical barriers. A wall, a gate, a fence, bollards, locked doors are all physical barriers that must be opened or negotiated through/around in order to gain physical access. As a note, I personally question window. Is there ever going to be a situation where you have a window without a wall or door? If the wall or door is there, then wouldn't a window provide more of an opportunity for access than by simply having a wall, thereby defeating the purpose of the barrier? Ponderous.
Thanks Mike. I have an updated release of the series coming out mid-week this week (Wed or Thu), and the explanations and examples in this area are updated in a fashion I think you'll appreciate. I'll drop you a link here when I publish.
Another solid video for the CISSP exam!
Appreciate the breakdowns and PDF document. Will you be providing PDF documents for domains 1-4?
Thank you in advance!
Short answer is "yes". I think 1-3 remain. I'll get those up today or tomorrow latest.
PDFs for each domain are now available in each video's description.
8:20 In the slide should OAuth 2.0 refer to RFC 6749 instead of what's shown RFP? (request for proposal)
Indeed RFC. Will flag the typo for update in the future release. Thanks for taking time to mention. 😉
@@InsideCloudAndSecurity Thank you for taking the time in putting this content out there for free. I provisionally passed my CISSP exam this morning and I credit these videos in helping. While I was waiting for my OSG to arrive in the mail I kicked off my study time with your cissp playlist!
@@azountsu NICE! Congratulations! 👍🎉
Can we add "Something you where" in Primary Authentication Factors?
"where" comes into play in defining conditions of access and identifying risk, such as impossible travel scenarios.
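The "impossible travel" scenario mentioned in the reply above is a context condition rather than an authentication factor: two sign-ins for the same account are compared, and if the distance between their locations could not have been covered in the elapsed time, the second sign-in is flagged for review. The following is an added example, not code from the video or from either commenter; the sign-in events, coordinates and the 1000 km/h plausibility threshold are constructed assumptions.

```python
"""Impossible-travel check over constructed sign-in events.
Added example; the events, coordinates and speed threshold are assumptions."""
import math
from datetime import datetime, timezone

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_SPEED_KMH = 1000.0  # assumption: roughly airliner speed

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two lat/lon points (degrees)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))

def implied_speed_kmh(prev, curr):
    """Speed the user would have needed to travel between two sign-ins."""
    dist = haversine_km(prev["lat"], prev["lon"], curr["lat"], curr["lon"])
    hours = (curr["ts"] - prev["ts"]).total_seconds() / 3600.0
    if hours <= 0:
        # Same timestamp from two places is impossible; same place is fine.
        return math.inf if dist > 0 else 0.0
    return dist / hours

def find_impossible_travel(events, max_speed=MAX_PLAUSIBLE_SPEED_KMH):
    """Return (user, earlier_ts, later_ts) for each consecutive pair of
    sign-ins by the same user whose implied speed exceeds max_speed."""
    by_user = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_user.setdefault(ev["user"], []).append(ev)
    flagged = []
    for user, evs in by_user.items():
        for prev, curr in zip(evs, evs[1:]):
            if implied_speed_kmh(prev, curr) > max_speed:
                flagged.append((user, prev["ts"], curr["ts"]))
    return flagged

# Constructed sample sign-in events (user, UTC timestamp, approximate lat/lon).
SAMPLE_EVENTS = [
    {"user": "alice", "ts": datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc),
     "lat": 40.71, "lon": -74.01},   # New York
    {"user": "alice", "ts": datetime(2024, 3, 1, 10, 0, tzinfo=timezone.utc),
     "lat": 51.51, "lon": -0.13},    # London, one hour later
    {"user": "bob", "ts": datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc),
     "lat": 40.71, "lon": -74.01},   # New York
    {"user": "bob", "ts": datetime(2024, 3, 1, 10, 0, tzinfo=timezone.utc),
     "lat": 40.73, "lon": -73.99},   # still New York
]

if __name__ == "__main__":
    for user, t1, t2 in find_impossible_travel(SAMPLE_EVENTS):
        print(f"impossible travel for {user}: {t1.isoformat()} -> {t2.isoformat()}")
```

Only consecutive sign-ins for the same user are compared, so a legitimate flight followed by a sign-in hours later does not trip the threshold; tuning that threshold, and accounting for VPN egress points that make a user appear to jump cities, is where most of the real work in such a detection lies.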
Thanks for putting this together. This is very helpful.
Glad it was helpful!
Great video!
Glad you enjoyed it! 😉
Hello, how do I get the PDF of the video? Thanks.
In the video description and here - 1drv.ms/b/s!AmhtzcmYt5AViK9_upLS9PloVj-qbQ?e=mzW1er
Thank you
You're welcome! Good luck on the exam!