~ 鄭召楷 (派克), 暫時通過CISSP
CISSP考試心得 – 鄭召楷 (派克)
Reply
~ 鄭召楷 (派克), 暫時通過CISSP
Category Archives: Security
~ 鄭召楷 (派克), 暫時通過CISSP
Modularization and Encapsulation
A module is a functional unit that accepts inputs and produces outputs. Modularization is the process of putting things of interest into a module and minimizing dependencies upon external things outside the module. High cohesion and low coupling are well-known modularization principles.
Encapsulation puts things in a module and protects them by controlling the visibility of outsiders. Most object-oriented programming (OOP) languages support encapsulation through the language construct – class, a wrapper of primitive data types (properties) and codes (methods). Members in a class can be seen in public, isolated in private, or protected and shared by child classes only.
WUSON Peacock Guardian Model
This diagram summarizes what I’ve learned these years in the Cybersecurity arena. I hope it helps in practice and the journey of CISSP. It defines assets from the perspective of information systems (the peacock), aligns with the ISC2 control types mentioned in OSG, and incorporates GRC, business mindset, and cultural awareness.
Understanding USB
The article, USB: Port Types and Speeds Compared – Choosing the right USB cable for your computer and peripherals by Tripp Lite by Eaton, provides informative information about USB standards and connectors.
| Standard | Name | Logo | Year | Connector | Speed | Cable |
|---|---|---|---|---|---|---|
| USB 1.1 | Full Speed USB | 1998 | A B | 12 Mbps | 3 m | |
| USB 2.0 | Hi-Speed USB |  | 2000 | A (Micro, Mini) B (Micro, Mini) C | 480 Mbps | 5 m |
| USB 3.2 Gen 1 |
USB 3.0
USB 3.1 Gen 1 SuperSpeed |  |
2008 (USB 3.0)
2013 (USB 3.1) | A B (Micro) C | 5 Gbps | 3 m |
| USB 3.2 Gen 2 |
USB 3.1
USB 3.1 Gen 2 SuperSpeed+ SuperSpeed 10Gbps |  | 2013 (USB 3.1) | A B (Micro) C | 10 Gbps | 3 m |
| USB 3.2 Gen 2×2 |
USB 3.2
SuperSpeed 20Gbps |  | 2017 (USB 3.2) | C | 20 Gbps | 3 m |
| USB 4 |
USB4 Gen 2×2
USB4 20Gbps |  | 2019 | C | 20 Gbps | 0.8 m |
| USB 4 |
USB4 Gen 3×2
USB4 40Gbps |  | 2019 | C | 40 Gbps | 0.8 m |
A USB Type-C connector has twelve pins. Four pairs of pins, aka “lanes,” are used to transmit (TX) and receive (RX) data, as highlighted in the following diagram by Eaton.
Both USB 3.0 (5 Gbps) and USB 3.1 (10 Gbps) can use the Type-C connector but only one TX lane and one RX lane, depending on the orientation of the connector. USB 3.2 takes advantage of all four lanes to achieve a 20 Gbps data rate.
USB Connectors
USB-C Connector Pin Layout
USB 3.2 Gen 2 (10Gb) Speed Test: 531 MB out of 10 Gb (1000MB or so)
- UGREEN M.2 SSD Case with NVMe and USB 3.2 Gen 2 (10 Gb) connectors
- Transcend M.2 SSD 1TB with NVMe PCIe Gen4 X4 (8 GB)
- USB 3.2 Gen 2X2 (20Gb) Expansion Card on PCIe Gen 3 X4 (4 GB) – ASM3242 Chip
PCIe Gen 3 X16 Speed Test: 1.68 GB out of 4 GB
- Transcend M.2 SSD 1TB with NVMe PCIe Gen4 X4 (8 GB)
- M.2 SSD with NVMe (max: 4 lanes) Expansion Card on PCIe Gen 3 X16 (16 GB)
References
Linux Notes
Secure Shell
Linux error detection and correction (EDAC)
- Special consideration when using Linux error detection and correction (EDAC) for tracking memory errors – Lenovo Server
- Error Detection And Correction (EDAC) Devices
Trusted Platform Module (TPM)
Kali
- Connecting a Wireless Adapter to a Kali Linux Virtual Machine
- Best Kali Linux WIFI Adapter with Monitor Mode 2023
- Check if your WIFI adaptor supports MONITOR mode, PACKET INJECTION & AP mode | Wifi for kali linux
- Kali Linux TP-Link TP-WN722N
- WLAN (Proxmox)
- PCI Passthrough
- How to Put WiFi Interface into Monitor Mode in Linux?
Proxmox
CISSP考試心得 – 洪毓新 (Spencer)
~ 洪毓新 (Spencer), CISSP, CCNP
CISSP考試心得 – 陳予婕 (Michelle)
~ 陳予婕 (Michelle), CISSP, PMP
CISSP考試心得 – 邱建華 (Billy Chiu)
~ 邱建華 (Billy Chiu), CISSP, PMP
IPsec Internet Key Exchange (IKE)
IPsec provides security services through AH and ESP. The two IPsec peers establish security associations for key exchange and security services by the Internet Key Exchange (IKE) protocol. RFC 2409 specifies the Internet Key Exchange Protocol (IKEv1), while RFC 7296 defines the Internet Key Exchange Protocol Version 2 (IKEv2).
Security Associations for Key Exchange
In IKEv1, the ISAKMP SA is two-way or bi-directional:
The ISAKMP SA is bi-directional. That is, once established, either party may initiate Quick Mode, Informational, and New Group Mode Exchanges.
~ RFC 2409
Security Associations for AH and ESP
Both AH and ESP security associations (one-way, either inbound or outbound) are established based on the IKE security association. In IKEv2, SAs established based on IKE SA are called Child SAs.
SA (Security Association): a one-way (inbound or outbound) agreement between two communicating peers that specifies the IPsec protections to be provided to their communications. This includes the specific security protections, cryptographic algorithms, and secret keys to be applied, as well as the specific types of traffic to be protected.
~ RFC 6071
Internet Key Exchange (IKE) Version 1
In IKE v1, ISAKMP defines “phases,” while Oakley defines “modes.” Security association negotiation happens in each mode, e.g., Main Mode, Aggressive Mode, and Quick mode.
In phase 1, a bi-directional secure, authenticated channel, aka ISAKMP security association (SA), is established between the two peers. Either “Main Mode” or “Aggressive Mode” is used in phase 1 to do so.
In phase 2, a one-way security association for AH or ESP is established using the “Quick Mode.”
For a successful and secure communication using IPsec, the Internet Key Exchange (IKE) protocols take part in a two-step negotiation. Main mode or Aggressive mode (within Phase 1 negotiation) authenticate and/or encrypt the peers. Quick mode (Phase 2) negotiates the algorithms and agree on which traffic will be sent across the VPN. Let’s take a further look at Quick mode phase (Phase 2) and what it’s role is within an IPsec VPN tunnel.
~ Internet-Computer-Security.com
IKEv1 Phase 1: Main Mode
IKEv1 Phase 2: Quick Mode
References
CISSP考試心得 – 陳昌鎰 (Anderson)
~ 陳昌鎰 (Anderson), CISSP, PMP