CISSP Certification: CISSP Domain 3 & 4 Boot Camp 2025 Exam
* Updated for the 2024 CISSP curriculum and exam. We do in-place updates, meaning any future exam updates you get for free*
Welcome, I am Thor Pedersen, here to help you pass your CISSP certification and advance your career.
Get your CISSP certification, the gold standard in IT Security, and unlock career opportunities with an average salary of over $119,000 in the US.
There are over 74,000 CISSP job openings, so now is the perfect time to get certified.
Join the over 660,000 enrollments from 201 countries who have taken my “Best Selling” and “Highest Rated” CISSP, CISM, and Certified in Cybersecurity (CC) courses here on Udemy.
I think my courses are fantastic but don’t just take my word for it. Here’s what some of my other students have to say about them:
- Thor’s videos played a major factor in my ability to pass I cannot recommend them enough! (Blair, ★★★★★).
- I passed the CISSP with the ISC Book and Thor’s lectures and practice questions. Enough said! (Warren, ★★★★★).
- Thor the Legend Pedersen! His course material here, his training site which has other supplementary stuff and his facebook channel all helped me in passing my CISSP. (Kenny, ★★★★★).
- This content helped me pass my CISSP first time! It was the main material I used for studying! Very helpful! (Duncan, ★★★★★).
- This course assisted me in successfully passing the CISSP Exam! Highly recommend! (Patrick, ★★★★★).
- Hi Thor, I used your test and videos and passed the exam at first attempt. (Shan, ★★★★★).
Join our community of successful students and reach your certification goals!
When you buy this course you get all this:
- 13.5 hours of CISSP videos: Covering the CISSP Domain 3 and 4 exam topics.
- 134-page PDF CISSP study guides: Detailed guides made from our lectures.
- 52-page PDF Quick Sheets: For your review sessions.
- 2-page PDF CISSP Mnemonics: Memory aids to help you remember key concepts.
- 60 Domain 3-4 practice questions: Test your knowledge with 30 questions from each domain.
- 72 topic-specific questions: Reaffirm your knowledge after each major topic.
- 150 website links: Additional resources to deepen your understanding of Domain 3 and 4 topics.
- Subtitles in multiple languages: English, Spanish (Latin America), Portuguese (Brazil), French, Arabic, Japanese, Chinese, and Hindi.
- An automatic certificate of completion: Hang on your wall or use for CEUs/PDUs. (13 CEUs).
- 30-day money-back guarantee: No questions asked.
- Lifetime Access to the course and all course updates.
- Offline video viewing: Available on the Udemy mobile apps.
In Domain 3 we cover:
3.1 Research, implement, and manage engineering processes using secure design principles
3.2 Understand the fundamental concepts of security models (e.g., Biba, Star Model, Bell-LaPadula)
3.3 Select controls based upon systems security requirements
3.4 Understand security capabilities of Information Systems (e.g., memory protection, Trusted Platform Module (TPM), encryption/decryption)
3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
3.6 Select and determine cryptographic solutions
3.7 Understand methods of cryptanalytic attacks
3.8 Apply security principles to site and facility design
3.9 Design site and facility security controls
3.10 Manage the information system lifecycle
In Domain 4 we cover:
4.1 Apply secure design principles in network architectures
4.2 Secure network components
4.3 Implement secure communication channels according to design
We continue to update our courses to make sure you have the latest and most effective study materials:
- 2024: Updated for the 2024 curriculum. New videos on Managing the Information System Lifecycle, SASE – Secure Access Service Edge, Quantum Cryptography and Key Distribution, Network Performance and Traffic Management. Added subtitles in Japanese and Portuguese (Brazil).
- 2023: 30+ updates with new content, clearer explanations, practice questions, and study guides. Added subtitles in Spanish (Latin America), French, Arabic, Chinese, and Hindi, and added topic quizzes with 69 questions.
- 2022: 20+ updates with new content, clearer explanations, practice questions, and study guides.
- 2021: Full course update for the 2021 curriculum.
- 2020: 20+ updates with new content, clearer explanations, practice questions, and study guides.
- 2019: 30+ updates with new content, clearer explanations, practice questions, and study guides.
- 2018: Full course update for the 2018 curriculum.
Start Your Certification Journey Today!
Join thousands of successful professionals who have transformed their careers with ThorTeaches. Let me guide you to CISSP certification success.
Enroll now and let’s achieve your certification goals together!
Thor Pedersen
1. Introduction and connect with me on Social media. (Video lecture)
Welcome to this course taught by Thor Pedersen. Thor is an experienced instructor with a background in cybersecurity and project management and extensive work experience in IT, Cyber Security, and project management. He holds CISSP, CISM, CC, CDPSE, CCNP, CCNA, and PMP certifications. His courses on Udemy are the best-selling and highest rated, and he has helped thousands of students pass their exams over the years.
In this course, Thor will provide you with the knowledge and skills you need to succeed on your certification exam. He is eager to connect with you and help you along the way, and you can reach out to him through his LinkedIn profile (linkedin.thorteaches.com) or by joining his Facebook group (fb.thorteaches.com). You can also watch some of his free videos on YouTube (youtube.thorteaches.com).
Don't wait any longer - let Thor help you achieve your certification goals.
2. Download your free study guides and the Udemy ratings system (Video lecture)
In this lesson, we will be discussing the importance of downloading the provided study guides for this course and how to access them. We will also be covering the importance of leaving an honest review for the course, including the rating system and how to provide specific feedback on the course. It is important to leave a review to help future students find the right courses for them and to allow the instructor to improve the course based on your feedback.
3. How to get the most out of my courses and the Udemy interface (Video lecture)
In this lesson, we will be discussing various tips and tricks for getting the most out of my courses. First, I will introduce the concept of the "little elephant," which indicates that a particular topic is particularly important. Next, we will discuss the use of ",..." in lists, which indicates that the list is not exhaustive. I will also explain the use of bold text to indicate keywords. Additionally, we will take a look at the Udemy interface and its various features, including the ability to pause, play, rewind, and fast forward lectures, as well as the option to change the speed of the lecture to better match your preference. We will also discuss the availability of professionally done subtitles in English, as well as autogenerated subtitles in other languages. Finally, we will explore the option to add your own notes, access a question and answer section, view educational announcements, and receive a certificate of completion upon completing the course.
4. General CISSP links. (Text)
5. Domain 3 - What we will be covering. (Video lecture)
Welcome to Domain 3, which covers security, architecture, and engineering. This is the largest domain, as it was previously three separate domains combined into one. Many students struggle with the vast amount of information covered in this domain, which makes up 25% of the entire curriculum. To make it more manageable, try breaking it down into the old domains: "security architecture and design", "cryptography", and "physical security". We will be covering common security models, architecture and design, virtualization, and cloud solutions to protect assets. We will also discuss the threats to our applications, systems, and businesses. Additionally, we will cover the history of cryptography, different types of encryption, hashes, and digital signatures. Finally, we will look at physical security, which is often our first line of defense and covers site and facility design, HVAC, power, and fire suppression. Remember, domain 3 makes up 13% of the exam questions, but 25% of the entire curriculum, so let's get started and I'll see you in the next lecture.
6. Security models and concepts - Introduction. (Video lecture)
In the next couple of lectures, we will be discussing security models and their strengths and weaknesses. We will explore the different types of models such as DAC, MAC, RBAC, and ABAC and when to use them. DAC or Discretionary Access Control is when the data owner has the discretion to give or deny access to the data. An example of this is sharing files on a computer, where the user can change the permissions to share with specific individuals or everyone on the network. MAC or Mandatory Access Control is used in highly secure organizations, where access is granted based on a subject's clearance and objects have labels. RBAC or Role Based Access Control is used in most organizations in the private sector, where access is granted based on the user's role and a predefined set of access rules and rights. ABAC or Attribute Based Access Control is not heavily used yet but is a better system, as access is granted based on subjects, objects, and environmental conditions, and attributes can be assigned to subjects, objects, and the environment.
7. Security models and concepts - Part 1. (Video lecture)
In this lesson, we take a deeper look at some of the specific high level models that you need to know for the exam. We start off with Bell-LaPadula, which is a mandatory access control model developed by the US Department of Defense. It is focused solely on confidentiality and has three properties: Simple Security Property, Star Security Property, and Strong Star Property. Next, we move on to BIBA, another mandatory access control model that focuses on data integrity. It also has three properties: Simple Integrity Axiom, Star Integrity Axiom, and Invocation Property. Finally, we cover Lattice Based Access Control (LBAC), which is a complex system of clearance levels and is also mandatory access control. The lesson concludes with the introduction of the Graham-Denning model, which uses objects, subjects, and rules to control access.
8. Security models and concepts - Part 2. (Video lecture)
In this lecture, we will continue to explore security models that will be covered on the exam. We will begin with the Clark-Wilson rule which emphasizes integrity by separating users from the back end data through well-formed transactions and separation of duties. The Clark-Wilson rule uses subjects, objects, and an intermediary program to ensure that transactions are conducted in a secure and consistent manner. We will also discuss the Brewer-Nash model, also known as the information barriers model, which provides controls to mitigate conflicts of interest in commercial organizations. Additionally, we will explore the non-interference model and the Take-Grant Protection Model, which uses rules to govern interactions between objects and subjects. Lastly, we will review the access control matrix, which describes the rights of every subject in relation to every object on the system, allowing for easy tracking of access rights and capabilities of each user.
9. Security evaluation models. (Video lecture)
In this lecture, we will be discussing evaluation models, accreditation, certification, and system security procedures. We will cover how to determine the best solution for your organization, including which is the easiest to use, cheapest, and most efficient for your environment. We will also discuss the Orange Book and the Red Book from the Rainbow Series, which are the foundation for most evaluation models used today. We will also discuss ITSEC and the International Common Criteria (ISO/IEC 15408), including the concept of a Target of Evaluation (TOE) and Protection Profiles, as well as Evaluation Assurance Levels (EALs) which range from level one to seven, with the higher levels being more rigorous in testing. It is important to have a basic understanding of these concepts, but memorizing all the details is not necessary.
10. Secure design principles. (Video lecture)
In this lecture, we will discuss secure design principles and go over some topics that were touched on previously in the course as a refresher. We will also cover new topics such as Least Privilege, where employees are only given the access they need and a specific process is in place for granting additional access, and Separation of Duties, where different people handle different parts of a process to reduce the chance of fraud. We will also cover Defense in Depth, also known as Layered Defense, which involves implementing multiple overlapping security measures to protect a specific asset, and Secure Defaults, where defaults are set to be as secure as possible out of the box. Through these topics, we will improve our organization's confidentiality, integrity, and availability. We will be discussing various types of threat modeling that you might encounter on the exam. First, we will discuss PASTA (Process for Attack Simulation and Threat Analysis), a 7 step process that aligns business objectives with technical requirements. The PASTA model gives us an attacker-centric view of our applications and infrastructure, which we can then use to develop an asset-centric mitigation strategy. Next, we will talk about STRIDE, which stands for Spoofing, Tampering, Repudiation, Information disclosure, Denial of Service (DoS) and Elevation of privileges. It is often used to assess threats against applications or operating systems, and it can help answer the question "What could possibly go wrong with this system?" Lastly, we will discuss Trike, which is based on our requirements model, where stakeholders define the acceptable levels of risk for each asset and a threat model is created where threats are enumerated and assigned risk values.
11. Secure system design concepts. (Video lecture)
In this lecture, we will be discussing Secure System Design Concepts, specifically the concept of layering. Layering is the process of separating hardware functionality into logical or physical layers, so that each layer can only interact with the layers that are directly adjacent to it. This concept is demonstrated in the model on the right, where if we change a hard disk, it may influence the kernel and the drivers, but it should not affect the operating system or the applications. This method of layering provides abstraction and hides unnecessary details from the user, making the experience seamless. Additionally, we will also be discussing security domains, which function like security clearance and only allow certain objects and subjects access to certain areas of the system. We will also be talking about open and closed systems, with open systems using open standards and standard components from multiple vendors, making them more secure than closed systems which use proprietary software and hardware.
12. Security evaluation models. Secure design principles. Secure system design conce (Quiz)
13. <NEW 2024> Managing the information system lifecycle (Video lecture)
In this lecture, we explore the Information System Lifecycle and its key phases, from initiation and planning to decommission and disposal. We discuss the importance of effective lifecycle management in ensuring the security, reliability, and performance of information systems. This lecture covers the specific steps and considerations involved in each phase, including defining requirements, developing or acquiring the system, implementing and testing, maintaining and updating, and finally, securely retiring the system. We also delve into the critical security aspects that must be addressed throughout the lifecycle, such as risk management, compliance, access control, change management, incident response, business continuity, and user awareness. The lecture emphasizes the significance of monitoring and auditing to proactively identify and address security concerns, ultimately reducing the likelihood and impact of successful attacks on the organization's information systems.
14. <NEW 2024> SASE - Secure Access Service Edge (Video lecture)
In this lecture, we explore Secure Access Service Edge (SASE), a framework that combines network security functions and Wide Area Networking (WAN) capabilities to provide dynamic and secure access for organizations in the face of dissolving traditional network perimeters. We discuss the key components of SASE, including Software-Defined Wide-Area Networking (SD-WAN), integrated security functions, cloud-native architecture, and a zero-trust model. This lecture also covers how SASE works in practice, with remote employee requests being routed through the nearest SASE Point of Presence (POP), inspected, and securely forwarded to cloud applications. We explore the benefits of SASE, such as improved user experience, reduced attack surface, scalability, simplified management, and improved security posture. Finally, we discuss the considerations for implementing SASE, including careful planning, evaluation of current architecture, alignment with business goals, and the cultural shift required within the IT department.
15. Hardware architecture - Part 1. (Video lecture)
In this lecture, we will be discussing secure hardware, architecture, and key concepts related to the exam. We will begin by discussing the system unit, which is the case and all the internal hardware that makes up the system. We will also talk about the motherboard, which is the heart of the system and includes the CPU, memory slots, firmware, and PCI slots. Peripherals refer to everything that is plugged into the system such as the mouse, keyboard, and monitor. To connect all of these components, we have an intermediary called the computer bus which is used to connect everything to each other. However, as computer systems have grown, it has become more efficient to segment the bus into a north and a south bridge, with the North Bridge being faster than the South Bridge. We will also discuss the individual components such as the CPU, which is the brains of the system, and how it performs millions of calculations every second using the Arithmetic Logic Unit (ALU) and the Control Unit (CU). We will also look at the four basic functions of the CPU including fetch, decode, execute, and store.
16. Hardware architecture - Part 2. (Video lecture)
In this lecture, we will be discussing the Basic Input Output System (BIOS), its functions, and its role in system security. The BIOS performs a power-on self-test (POST) to check the integrity of the system components and loads the operating system kernel upon successful completion. We discuss the implications of storing the BIOS in different types of ROM, particularly the security risks associated with EEPROM. We also explore Write Once, Read Many (WORM) media and its practical applications in secure data storage, such as logs backup using write-only DVDs. This ensures the integrity of logs even if an attacker gains access to the system or network. Additionally, we cover essential security features, including Trusted Platform Module (TPM), Data Execution Prevention (DEP), and Address Space Layout Randomization (ASLR). TPM is a secure cryptoprocessor that generates cryptographic keys and preserves boot integrity. DEP prevents malicious programs from executing code in reserved memory locations, while ASLR randomizes the location of system executables in memory to protect against buffer overflow attacks.
17. Hardware architecture - Part 3. (Video lecture)
In this lecture, we will discuss Microservices, Containerization and Serverless. Microservices are small, independent, and autonomous services that are designed to perform one specific task and are resilient and fault-tolerant. They are highly cohesive and low-coupling which means they are good at their one task and are not connected to other components. However, they have a high degree of autonomy and independence. To help with the high points of failure in a microservice architecture, proper monitoring, error detection and recovery tools are needed. Containerization or OS Level Virtualization removes the redundant OS element on a virtual machine, making it faster and more efficient. Serverless is similar to containerization but instead of libraries and bins, it only has functions. Both containerization and serverless have their own pros and cons and it depends on the environment, culture, and deployment to determine which one is best for a project.
18. Secure operating systems and software architecture. (Video lecture)
In this lecture, we will cover the kernel and its role in secure operating systems and software architecture. We will discuss the logical model of the kernel, known as the ring model, and how it is used in practice by collapsing it into just two rings (0 and 3) to make the system faster. The kernel acts as the interface between the operating system, applications, and hardware. We will also discuss the difference between monolithic kernels, which are one static executable and must run in supervisor mode, and micro kernels, which are smaller and more modular with the ability to add functionality from loadable kernel modules and can run on ring 3. Additionally, we will discuss access control models, specifically discretionary access control (DAC) where access to data is at the discretion of the data owner, and how this can be applied in Linux and Unix systems as well as Windows NTFS. We will also show how to view and change permissions on a Windows system. By the end of this lecture, you will have a better understanding of the kernel and its role in secure operating systems and software architecture, as well as how access control is implemented in different systems.
19. Hardware architecture. Secure operating systems and software architecture. (Quiz)
20. Virtualization, Cloud, and Distributed Computing - Part 1. (Video lecture)
In this lecture and the following lectures, we will be discussing virtualization, cloud computing, and distributed computing. These topics are extremely important as they are evolving at a rapid pace and are used in almost any organization. Virtualization is the process of creating a powerful system and building smaller systems on top of it. This allows for multiple servers or clients to be on the same hardware platform, known as the host. Common virtualization software includes VMware, Hyper-V, and Xen. Later, when discussing distributed computing, it is the opposite where we have massive data sets that require a lot of resources and instead of running it on one system, we distribute the workload across multiple machines. This is commonly seen in cloud computing and it is important to ensure the security posture and compliance of these systems.
21. Virtualization, Cloud, and Distributed Computing - Part 2. (Video lecture)
In this lecture, we will be discussing cloud computing, which is a highly important and weighted topic on exams. Not only is it important for understanding how different organizations operate, but it is also something that is extensively used by nearly all organizations. The lecture will cover the various types of cloud computing including private, public, hybrid, and community cloud computing. We will discuss the benefits of using cloud computing, such as cost-effectiveness, and the potential drawbacks, such as security concerns. We will also discuss how organizations can implement the right type of cloud computing for their specific needs, and the importance of ensuring compliance with industry standards.
22. Virtualization, Cloud, and Distributed Computing - Part 3. (Video lecture)
In this lecture, we will be diving deeper into Public Cloud Computing, which is the most heavily examinable part of virtualization, cloud, and distributed computing. We will discuss the different solutions available within public cloud computing, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). We will explore the responsibilities of both the service provider and the customer for each solution, and the benefits of using each one. Additionally, the lecture will stress the importance of further research on the topic and provide a visual analogy using the example of pizza as a service to better understand the concepts.
23. Virtualization, Cloud, and Distributed Computing - Part 4. (Video lecture)
In this lecture, we will be discussing Grid Computing, a system in which resources from hundreds or thousands of systems that are not currently in use are utilized to complete complex tasks. By using a network of computers, each working on a small set of subtasks, a vast amount of resources can be utilized to quickly produce results. One notable example of this is the BOINC Network, which currently has around four million enrolled machines and uses their unused resources for various scientific research projects. Additionally, we will also discuss the use of peer-to-peer networks and Thin Clients in Grid Computing. Peer-to-peer networks involve any system on the network being able to act as a client or server, and Thin Clients involve a system with limited hardware or software. Both systems can provide cost and resource efficiency, as well as added security measures.
24. Virtualization, Cloud, and Distributed Computing - Part 5. (Video lecture)
In this lecture, we will be finishing our discussion on virtualization, cloud, and distributed computing by focusing on distributed systems, high performance computing, and edge computing. Distributed systems, also known as distributed computing environments (DCEs), concurrent computing, parallel computing, or distributed computing, are a type of cloud computing where users connect to the closest node in the system, rather than a centralized system. We will explore the differences between DCEs and other forms of distributed computing, such as CDNs and grid computing, and the benefits and uses of DCEs in various industries such as the internet, websites, cell networks, research, and peer-to-peer networks.
25. IOT (Internet Of Things). (Video lecture)
In this lecture, we will be discussing the Internet of Things (IoT), which is a term that many people do not fully understand. Similar to cloud technology, IoT encompasses any device that is connected to the internet and made "smart", such as smart TVs, thermostats, and cars. However, as we add more functionality to these devices, we also make them less secure. We will discuss how to make IoT devices more secure by changing default passwords and logins, applying vendor patches, and segmenting the devices on their own VLAN. It is important to remember that the attacker will always find the weakest link in our security system, so we must be vigilant in patching and hardening our IoT devices to ensure the security of our networks and data.
26. Virtualization, Cloud, and Distributed Computing. IOT (Internet Of Things). (Quiz)
27. Emanations and Covert Channels. (Video lecture)
In this lecture, we will be discussing the concept of emanations and covert channels in relation to cyber security. Emanations are unintentional information bearing signals that can be intercepted and analyzed by attackers, leading to a compromise of confidential information. We can protect against emanations by using heavy metals and encasing our systems to block the signal. Covert channels, on the other hand, are methods of intentionally transferring information through channels that were not originally intended for it. Examples of this include covert timing channels, where a difference in real-time response can be used to gain information, and covert storage channels, where information is hidden in an object by modifying it. Understanding these concepts is important for identifying and protecting against potential threats to our systems.
28. Emanations and Covert Channels (Quiz)
29. Malware - Part 1. (Video lecture)
In this lecture, we will discuss malware, which is a catch-all phrase for malicious software that is used to compromise our systems or data. Malware can come in many forms and types. We will take a look at some of the most common types, but it is important to note that the exam will not focus on definition questions. Instead, you will be asked about how to protect against certain types of malware and what to do once infected. This means it is important to not only learn about the different types of malware, but also how to apply that knowledge in real-world scenarios. We will start by discussing viruses, which are one of the most common types of malware and typically require human interaction to infect systems. We will also cover macro and document viruses, boot sector viruses, stealth viruses, and polymorphic viruses. It is important to note that 95% of compromise is either due to human error or failure to take necessary precautions.
30. Malware - Part 2. (Video lecture)
In this lecture, we will be focusing on different types of malware, including worms, Trojans, root kits, logic bombs, and packers. Worms spread through self-propagation, meaning they don't need any help or human interactions to spread. They contain both the payload damage, which does whatever it is designed to do on your system, and also replicate aggressively through a network. Trojans, on the other hand, look like the real thing but hidden inside is the malicious code that can infect your system. Root kits replace some part of the OS or kernel with malicious code, which can be a problem if the boot sectors are not scanned before they load up. Logic bombs are based on a certain time or event and can be hard to find because they are dormant until the condition is fulfilled. Lastly, packers are programs used to compress executable files, which can be used by bad actors to hide malware. It is important to remember that training to raise awareness and technical measures behind the scenes can help prevent these types of malware attacks.
31. Web architecture and attacks. (Video lecture)
In this lecture, we will discuss the topic of Web Architecture and Attacks. First, we will delve into the history and background of the Internet, which was initially designed for secure closed networks and not intended for the widespread use it has today. This means that security was not built into the protocols and standards, leading to a patchwork of security measures being added after the fact. We will also talk about the concept of adding security to an already established system, like building a house without any doors or windows and then trying to add them later. We will also cover topics such as the most common web security issues, as outlined by the Open Web Application Security Project (OWASP) and how to defend against them. The goal of the lecture is to understand the importance of incorporating security into the design and implementation process.
32. Malware. Web architecture and attacks. (Quiz)
33. Database security. (Video lecture)
In this lecture, we will cover key terms related to database security such as polyinstantiation, which refers to the ability to have multiple versions of the same file depending on who is accessing it. We will also discuss aggregation, where an attacker collects data for statistical analysis, and inference, where the attacker deduces facts from evidence and reasoning. We will also touch on data mining and data analytics, which involves using computers to discover patterns in large sets of data. This is a controversial topic as it can reveal a lot of personal information about individuals, as seen in large breaches like Equifax in 2017.
34. Mobile device security. (Video lecture)
In this lecture, we will be discussing mobile security, which includes any device that can be walked around with, such as external USB drives, hard drives, tablets, CDs, laptops, and of course, cell phones. As more and more devices are added to our networks, the more complex policies, procedures, and standards we need to ensure that every device we have data on is secure. We need to eliminate internal threats, which often come from users who are unaware of the risks or find it easier to take shortcuts. To do this, we need proper training to raise awareness and also close any loopholes to give users the tools they need. On the technical side, we should lock down USB ports, CD drives, network ports, and wireless devices, and enable full disk encryption and remote wipe capabilities. Overall, we want to ensure that we have the policies and procedures in place to keep our data as secure as possible.
-
35. Industrial Control Systems. Video lecture
In this lecture, we will be discussing Industrial Control Systems (ICS) and their applications in industrial production technology. ICS is a system used to monitor and automate production plants, power plants, water treatment plants, and other industrial components that can work with some level of autonomy. The system includes a low-level set of commands and guidelines, and a back-end system that can log into these commands and change the parameters. We will also discuss SCADA (Supervisory Control and Data Acquisition) which is a control system architecture used to supervise and manage all the subcomponents at a high level. Additionally, we will cover Distributed Control Systems (DCSs) and Programmable Logic Controllers (PLCs) which have different applications and the decision of which one to use depends on the specific task at hand. We will also look at a practical example of implementing a SCADA system using the DNP3 protocol. Overall, this lecture will provide an understanding of the different types of control systems and their applications in the industrial world.
-
36. Database security. Mobile device security. Industrial Control Systems. Quiz
-
37. Introduction to Cryptography - Part 1. Video lecture
This lecture is an introduction to cryptography, the science of securing communication. It may not sound exciting to some, but it is crucial for keeping our secrets secret and ensuring the integrity of our data. Cryptography is a big part of the confidentiality leg of the CIA triad and can also be used for authentication and non-repudiation. This lecture will introduce key terms and in later lectures we will delve deeper into the different types of cryptography, their advantages and disadvantages, and where and why we would deploy them. It is important to have the right balance between confidentiality and availability, and to use a strong enough encryption that it is unbreakable or at least takes an unreasonable amount of time to break. We will also discuss the use of modular math in cryptography, and definitions of cryptology, cryptography, and cryptanalysis.
-
38. Introduction to Cryptography - Part 2. Video lecture
In this lecture, we will dive deeper into key terms and definitions of cryptography, specifically focusing on mono and polyalphabetic ciphers and frequency analysis. Monoalphabetic ciphers involve substituting one letter for another, which is easy to break using frequency analysis. Polyalphabetic ciphers involve substituting one letter for another every round of encryption, making it more secure than monoalphabetic ciphers. We will also look at XORing or Exclusive OR, where a simple key is added to the plaintext to make it ciphertext. It is commonly used in symmetric encryption and deals with 1s and 0s. The goal of XORing is to create confusion, diffusion, substitution, and permutation between the plaintext and the ciphertext.
-
39. The history of Cryptography - Part 1. Video lecture
In this lecture, we will be discussing the history of cryptography and its relevance to our current understanding and use of encryption methods. We will start with the Spartan Scytale, a simple encryption technique using a stick and a piece of cloth, and move on to other historical methods such as the Caesar cipher and Vigenère cipher. We will also discuss the use of cipher disks and the Enigma machine, which was used by Germany during WWII. The importance of understanding the evolution of encryption methods is highlighted, as it allows us to understand why certain techniques are used today and prepares us for exam questions.
-
40. The history of Cryptography - Part 2. Video lecture
In this lecture, we will be finishing the history of cryptography by discussing One-time Pads. One-time Pads are exactly what they sound like, pads that are used only once. They are a cryptographic algorithm where plaintext is combined with a random key. It is crucial that the key is truly random because if the pad is reused, it can be broken. One-time Pads are also the only mathematically unbreakable encryption, but they are impractical as they can only be used once and both sender and receiver must have identical pads. We will also be discussing the Vernam Cipher, the first known use of a one-time pad and the example of Project VENONA where the pads were reused and the messages were successfully decrypted. We will also be discussing the Jefferson Disk and the SIGABA machine, which were used during World War II and the 1950s.
-
41. Introduction to Cryptography / History. Quiz
-
42. The encryption we use today. Video lecture
In this lecture, we will explore the two main types of encryption used today: symmetric and asymmetric. Asymmetric encryption allows for secure communication without a pre-shared key, but it is much slower and weaker per bit. On the other hand, symmetric encryption is faster and stronger per bit, but it requires a pre-shared key which can be difficult to share securely. To combat these weaknesses, we will discuss hybrid encryption, which combines the use of asymmetric encryption to share a secret key and symmetric encryption for faster data transfer. Additionally, we will touch on the mathematical formula used to calculate the number of keys needed in symmetric encryption, and encourage students to practice examples to solidify their understanding.
-
43. Symmetric encryption - Part 1. Video lecture
In this lecture, we will discuss symmetric encryption and its use throughout history. One of the most commonly used encryption methods in the early days of the Internet was the Data Encryption Standard (DES) or Single DES. However, DES is no longer considered secure due to the many attack vectors that have been publicly exposed. DES uses a 64-bit block cipher, a 56-bit key, 16 rounds of encryption, and the Feistel cipher. It also has five different modes of encryption, including ECB, CBC, CFB, OFB, and CTR. Additionally, we will cover Triple DES, which is a modification of the original DES algorithm that encrypts data three times using three different keys for a total of 112-bit key strength, and is currently the only secure key mode for Triple DES.
-
44. Symmetric encryption - Part 2. Video lecture
In this lecture, we will continue our discussion on symmetric encryption, with a focus on AES (Advanced Encryption Standard/Rijndael) which is the most commonly used type. We will also delve into Blowfish and Twofish, and finish the lecture by exploring the Feistel cipher. We will explore AES in depth, including how it uses a 4x4 matrix for all bytes, and the different steps it goes through in the initial round, actual round, and final round. We will also cover the key size and number of rounds for AES, and how Blowfish and Twofish, which are also symmetric and use the Feistel cipher, differ in terms of block size and key length.
-
45. Symmetric encryption. Quiz
-
46. Asymmetric encryption - Part 1. Video lecture
In this lecture, we will discuss asymmetric encryption, a newer technology compared to symmetric encryption, which has been used for thousands of years. Asymmetric encryption has only been used for practical purposes for around 40-50 years, with the development of different methods such as Diffie-Hellman in 1976 and RSA in 1977. Unlike symmetric encryption, where the same key is used for encryption and decryption, asymmetric encryption requires two keys per person: a public key and a private key. With asymmetric encryption, messages can be securely sent over unsecured mediums like the internet without a pre-shared key. It is important to keep the private key secure as it is the key used for decryption and if compromised, an attacker can read all the messages. Asymmetric encryption is also used for digital signatures and can provide authenticity, non-repudiation, and confidentiality.
-
47. Asymmetric encryption - Part 2. Video lecture
In this lecture, we will discuss hashing, which is a form of cryptography that is primarily used for integrity. Hashing is a one-way function that ensures that a file or system has not been altered. We use it to take a bit-level copy of a drive, hash the original and copy, and ensure that they match before conducting forensics on the copy. Hashing is not reversible and does not provide confidentiality or non-repudiation. It's important to note that the size of the input text does not affect the fixed-length output, called a message digest or hash. Hashing is used in various places, including hard drives and downloading software from the internet. It's crucial to be aware of collisions, which occur when two different sets of data produce the same hash. The MD5 algorithm has a flaw that makes collisions possible, which is why it is no longer widely used and has been replaced by SHA2 and SHA3.
-
48. Asymmetric encryption. Quiz
-
49. Hashing - Part 1. Video lecture
In this lecture, we will discuss hashing and its role in cryptography. Hashing is a one-way function that is used for integrity and ensuring that a file or system is unaltered. However, it does not provide confidentiality, non-repudiation, or any other feature. We briefly touched on hashing when discussing compromised hard drives and how a bit-level copy of the drive is taken and hashed, with the original and copy's hashes being compared before doing any forensics. It's important to remember that hashing is a one-way function and cannot be reversed, so the only goal is to ensure that no files have been altered. Hashing is used in many places such as on websites where software or patches can be downloaded, and a hash is provided for the file for comparison. It's important to note that there is a possibility of collisions, where two sets of data produce the same hash, which is why we should not use the outdated MD5 algorithm, but rather the more secure SHA2/3 algorithm.
-
50. Hashing - Part 2. Video lecture
In this lecture, we will finish discussing hash functions and their various algorithms. We will start by looking at the SHA (Secure Hash Algorithm) family of algorithms, specifically SHA1, SHA2, and SHA3. We will discuss the pros and cons of each algorithm, including the length of the hash value produced and the level of collision resistance. Next, we will discuss the HAVAL (Hash of Variable Length) algorithm, which allows for a variable output length but is not widely used. We will also cover RIPEMD and RIPEMD160, which were created in response to concerns about potential back doors in hash functions developed by the military or for government contractors. Finally, we will discuss the concept of salting and nonces, which are used to further secure stored passwords by adding a random value to the hash.
-
51. <NEW 2024> Quantum Cryptography and Key Distribution. Video lecture
In this lecture, we explore the fascinating field of Quantum Cryptography and Key Distribution, which leverages the principles of quantum mechanics, such as quantum entanglement, to ensure the security of communication. We focus on Quantum Key Distribution (QKD), the most well-known technique in Quantum Computing, and discuss how it enables the creation of secure communication channels that are immune to hacking or provide notification if observed. The lecture covers the process of QKD, including the use of photons and shared secret keys, and explains the security principles behind it, such as the Heisenberg Uncertainty Principle and the No-Cloning Theorem. We also discuss the challenges of Quantum Cryptography and QKD, including distance limitations and the cost and complexity of specialized hardware, as well as potential solutions like quantum repeaters and satellite-based QKDs. Finally, we explore the potential applications of Quantum Cryptography and QKD in securing communication channels, protecting sensitive transactions, safeguarding critical infrastructure, and beyond.
-
52. Attacks on our cryptography - Part 1. Video lecture
In the next couple of lectures, we will explore various attacks on our cryptography. We will focus on two specific attacks: Steal the Key and Brute Force. Steal the Key is exactly what it sounds like, an attacker stealing our encryption key. This is more efficient and faster than attempting to break the encryption. On the other hand, Brute Force uses the entire key space and tries every single combination to decrypt the ciphertext. However, this method takes a lot of time and can be countered by simple measures such as adding a timer or locking the account after a certain number of incorrect attempts. We will also cover Digraph Attacks and Man-in-the-Middle attacks in future lectures. Overall, it is important to have the right amount of security in place and to always be aware of potential vulnerabilities in our systems.
-
53. Attacks on our cryptography - Part 2. Video lecture
In this lecture, we will continue to discuss cryptographic attacks and focus on the tactic of social engineering. Social engineering is the act of convincing someone to give away their password or other sensitive information. It can be extremely successful because people want to be helpful and don't want to get in trouble, and when someone poses as an authority figure or creates a sense of urgency, people are more likely to comply. We will also discuss different approaches to social engineering such as authority, intimidation, consensus, scarcity, and familiarity. This is important because it highlights the need for training and raising awareness for employees to be able to detect and avoid these types of attacks.
-
54. Attacks on our cryptography - Part 3. Video lecture
In this lecture, we will conclude our discussion on cryptographic attacks by focusing on known key attacks, differential cryptanalysis, linear cryptanalysis, and the combination of both known as differential linear cryptanalysis. Known key attacks involve having some prior knowledge about the key, such as its length or format, that makes it easier to break. Differential cryptanalysis involves searching for differences between related plaintexts to find non-randomness in the ciphertext, while linear cryptanalysis studies plaintext and ciphertext pairs created with the same key to discern information about the key. Additionally, we will discuss side channel attacks, implementation attacks, and key clustering, emphasizing the importance of proper implementation and automation in securing systems.
-
55. Digital signatures. Video lecture
In this lecture, we will discuss digital signatures and Public Key Infrastructure (PKI). PKI uses both symmetric and asymmetric encryption as well as hashing to provide and manage digital certificates. It is important to keep our private key secret, but in PKI, we also store a copy of the key pair in a secure location, known as a key repository. This is important in case the private key is lost or destroyed. We will also discuss key escrow, which is a backup of our key pairs kept by a third party, often at the request of law enforcement. Finally, we will go over the flow of data in a digital signature, which ensures message integrity and non-repudiation.
-
56. Hashing, Attacks on our cryptography, Digital signatures. Quiz
-
57. MAC, HMAC, SSL, and TLS. Video lecture
In this lecture, we will delve into the topic of Message Authentication Codes (MAC) and the Secure Socket Layer (SSL) and Transport Layer Security (TLS). Starting with MAC, we will discuss how it is a hash function that uses a key, specifically the Cipher Block Chaining (CBC) method from the Data Encryption Standard (DES) symmetric encryption. MAC provides integrity and authenticity, however, it does not reveal what has been changed, only that the integrity has been compromised. We will also discuss Hashed Message Authentication Code (HMAC) which combines MAC with hashing, and both parties must have a shared key before exchanging information. Moving on to SSL and TLS, we will learn about how these protocols provide confidentiality and authentication for web traffic such as web browsing, email, and voice over IP. We will examine the process of the TCP 3-way handshake and the client hello, and how the server can authenticate the client if necessary. Finally, we will discuss the current prevalence of TLS over SSL and its use in internet chats and email clients.
-
58. IPSec and PGP. Video lecture
In this lecture, we will primarily be discussing IPSEC, a protocol used to add security to networks that was not originally built into the Internet. We will also briefly touch on PGP (Pretty Good Privacy) and MIME (Multipurpose Internet Mail Extension). IPSEC uses AH (Authentication Headers) and ESP (Encapsulation Security Payloads) to provide authentication, integrity, and confidentiality for data packets. It also uses Security Associations (SA) to negotiate parameters for the AH and ESP and has a unique 32-bit SPI (Security Parameter Index) for identification. IPSEC can be used in either tunnel mode or transport mode and IKE (Internet Key Exchange) is used to negotiate the type of protocols, encryption, and hashes for a specific connection.
-
59. MAC, HMAC, SSL, and TLS. IPSec and PGP. Quiz
-
60. Physical security - Part 1. Video lecture
In this lecture, we will be discussing physical security, which is a broad topic that encompasses various aspects of defense in depth. We will begin by examining the different types of controls that can be implemented for physical security, including preventative, detective, deterrent, and compensating controls. Each type of control serves a specific purpose, such as preventing an attack, detecting an attack, deterring an attacker, or compensating for other controls that may be too costly or impossible to implement. These controls can include things like locked doors, bollards, CCTV cameras, alarm systems, and security guards. It is important to note that many countermeasures can fall into multiple categories, and the type of control used will depend on the specific situation and the indicators or keywords present in the question.
-
61. Physical security - Part 2. Video lecture
In this lecture, we will continue to explore physical security measures. We will delve deeper into the different types of controls we have in place, specifically focusing on fences, gates, bollards, and lights. Fences can be used as a deterrent or preventative measure, with the height determining their level of effectiveness. Gates are also placed in fences to control the points of entry and exit, and come in various classes such as residential, commercial, industrial, and restrictive access. Bollards are used to prevent vehicles from entering a specific area, and lights serve both a detective and deterrent purpose by fully illuminating the entire area and making it difficult for intruders to sneak in undetected. Overall, these different physical security measures work together in a layered defense to provide the necessary security posture for the facility being protected.
-
62. Physical security - Part 3. Video lecture
In this lecture, we will continue to explore physical security and specifically focus on locks. Locks are a preventative measure that only prevents access by requiring a physical key to unlock the door. However, keys can be shared, copied, picked, or bumped, making locks less secure. We will delve into how a lock works, specifically looking at the bitting code and the alignment of tumblers. We will also cover the topic of lock picking and lock bumping and their potential ease of use. Additionally, we will discuss Master Keys and Core Keys, which are keys that can open multiple doors within a certain area or security zone and the importance of keeping them secure.
-
63. Physical security - Part 4. Video lecture
In this lecture, we will continue discussing physical security, specifically focusing on the different types of cards used for identification and access control. We will explore the different uses of smart cards and magnetic stripe cards and their level of security. Smart cards can be used for identification and access to buildings or programs and can be either contact or contactless. Both types of smart cards have an ICC chip, which stores all the information. Contact cards need to be in contact with the device that reads them, while contactless cards can be read by proximity. Magnetic stripe cards, on the other hand, are commonly used but are not very secure as they can easily be copied. To ensure maximum security, it is best to use smart cards with RFID blocking and avoid the use of magnetic stripe cards in areas where security is important.
-
64. Physical security - Part 5. Video lecture
In this lecture, we will be discussing physical security and specifically motion detectors as a means of detection and deterrence. We will delve into how motion sensors can be used in various ways, from simple triggers such as turning on a light to being connected to a back-end system that checks for authorized access and sounds an alarm if needed. We will also cover different types of motion sensors such as light-based sensors, ultrasound, microwave, infrared and laser sensors, and how they function. The instructor will also address some misconceptions about motion sensors from movies and their real-world applications.
-
65. Physical security - Part 6. Video lecture
In this lecture, we will conclude our discussion on physical security by discussing guards, dogs, and restrictive work areas. We will begin by discussing the role of guards as a deterrent, detective, preventative, and compensating measure for security. We will differentiate between professional guards, amateur guards, and pseudo guards and the importance of training them with clear rules and regulations. Next, we will discuss the use of dogs as a security measure, highlighting their deterrent abilities and potential liability issues. Lastly, we will discuss the process of allowing authorized visitors access to restricted areas and the importance of proper security clearance and identification verification.
-
66. Physical Security. Quiz
-
67. Site selection - Part 1. Video lecture
In this lecture, we will discuss the importance of proper site selection, design, and configuration when building a new facility. We have previously discussed security measures, but when constructing a new facility from scratch, there are numerous considerations to take into account such as power reliability, internet providers, crime in the area, and natural disasters. These are all factors that must be researched and taken into account to ensure the location is the most convenient and secure for the organization. Additionally, it is important to not advertise the location of the data center as it is a part of security through obscurity. This lesson will cover the importance of considering all factors when choosing a location and the importance of hiding critical information.
-
68. Site selection - Part 2. Video lecture
In this lecture, we will delve deeper into the topic of site selection, design, and configuration for server rooms and data centers. We will discuss the challenges of designing and building data centers that can accommodate the ever-growing number of servers and the need for cooling and power. Additionally, we will explore the issue of "pop up" data centers, which are often created by utilizing whatever space is available, rather than a space that is specifically designed for a data center. Thor will also touch on the importance of considering future cooling and air conditioning requirements, and the consequences of not doing so. Overall, the aim of this lecture is to stress the importance of due diligence and proper planning in the design and construction of data centers, to ensure the safety and security of the servers and data.
-
69. Site selection. Quiz
-
70. Media storage. Video lecture
In this lecture, we will delve into the topic of storage media and discuss best practices for securing our backups. Thor highlights the importance of knowing how much data is stored, where it is located, and who has access to it. They also stress the need for offsite storage, as keeping tapes in the same building as the data center can be risky if the building is lost. Thor also emphasizes the need for climate control, encryption, and security measures in the offsite storage facility, as well as strict background checks for the personnel handling the tapes. They also mention that paying for offsite storage may seem like a cost, but it is necessary to ensure the safety of the data. Thor concludes with some horror stories of tapes being stored in unsecured locations, such as an employee's home, and stresses the importance of these lessons still being relevant today.
-
71. Asset tracking and hardware hardening. Video lecture
In this lecture, we will discuss the importance of asset tracking and hardware hardening in protecting an organization's technology assets. Asset tracking involves keeping an accurate log of all hardware and software assets, including their location and serial numbers. This information is crucial for protecting assets, as it allows for the appropriate protection to be applied to each piece of hardware. The tracking system also allows for the remote wiping of lost or stolen devices, and can alert the organization when they need to order more hardware. Hardware hardening involves securing and configuring hardware before it is put into use, including deleting default accounts, applying patches, and blocking unnecessary ports. The process of hardening should be automated wherever possible to ensure that all necessary steps are taken to secure the device. It is important to not only focus on servers, but also on workstations and wireless access points, which are often overlooked in terms of security.
-
72. Media storage. Asset tracking and hardware hardening. Quiz
-
73. Electricity. Video lecture
In this lecture, we will discuss the importance of clean, uninterrupted power in a data center. A lack of clean power can compromise the availability of servers and data integrity. To ensure this, we use UPSs (uninterruptible power supplies) and PDUs (power distribution units). UPSs provide backup power in case of a power outage and PDUs ensure the voltage is not too high or too low. We will also discuss common power fluctuation terms such as blackouts, brownouts, and surges and how they can affect a data center. We will also explore how power is set up in a data center, including the use of a utility transformer, transfer switch, and backup generator to ensure clean power and redundancy.
-
74. Electricity. Quiz
-
75. Fire suppression and hot and cold aisles. Video lecture
In this lecture, we will discuss environmental controls in data centers and specifically focus on HVACs - heating, ventilation, and air conditioning. It has long been a common practice to keep data centers very cold, but it is not necessary and can waste a lot of money. The optimal range for equipment to function is between 68-77 Fahrenheit or 20-25 degrees Celsius, with allowable ranges being between 59-90 degrees Fahrenheit or 15-32 Celsius. Additionally, keeping data centers too cold can raise humidity levels and increase the cost of pulling humidity out of the room. It is important to also maintain a positive pressure in data centers to keep contaminants such as dust and dirt out and to prevent unnecessary activation of fire suppression systems.
-
76. Heat, Flame, Particle, and Smoke Detectors. Video lecture
In this lecture, we will be finishing our discussion on environmental controls by focusing on the different types of detectors used in fire detection such as heat, flame, particle, and smoke sensors. We will examine how each sensor detects potential fires and their potential limitations. It is important to note that all sensors should be connected to warning lights, sirens, and the suppression system. We will also discuss the use of a delay button, where staff can check for an actual fire before the suppression system kicks in. Additionally, we will touch on the need to keep the data center clean to prevent false alarms from smoke sensors, and why flame detectors are not as commonly used in data centers. Overall, this lecture will provide a comprehensive understanding of the various types of fire detectors used in data centers and the importance of regular maintenance.
-
77. Fire suppression - Part 1. Video lecture
In this lecture and following lectures, we will be discussing fire suppression methods, particularly in regards to data centers. The "fire triangle" illustrates that fire needs three elements to burn: oxygen, heat, and fuel. A common method for extinguishing fires in data centers is to remove or lower the oxygen content in the room. This can be achieved through systems such as FM200, Halon or Argon, which replace a certain percentage of the air's oxygen with other gases. The objective is to lower the oxygen percentage enough to put out the fire, but not to the point of endangering human life. This approach is considered the safest, cheapest and most efficient way to suppress a fire in a data center. Additionally, it is important to note that fire classification varies by region and when answering exam questions it may be necessary to provide an Americanized perspective, with a focus on Class A and Class C fire extinguishers as they are relevant to regular offices and data centers respectively.
-
78. Fire suppression - Part 2. Video lecture
In this lecture, we will be finishing up our discussion on fire suppression for data centers by exploring the different types of gases that can be used to lower the oxygen content in a room and put out a fire before the water sprinklers activate. We will begin by discussing CO2, which is not commonly used but can be appropriate in certain areas, but it is crucial that these areas are unmanned as the gas is colorless and odorless and can be dangerous if people are unaware of its presence. We will also touch on the use of Halon 1301, which was once the industry standard for protecting high value assets but is now banned due to its negative effects on the ozone layer and potential harm to people. Lastly, we will discuss commonly used gases such as FM200, Argon, FE-13, and Inergen, and their role in fire suppression. We will also go over the importance of having the appropriate fire extinguishers in each area of the building based on its fire rating.
-
79. Fire suppression & hot and cold aisles. Fire suppression. Heat, Flame, Particle. Quiz
-
80. Personnel safety. Video lecture
In this lecture, we will discuss the importance of personnel safety in emergency situations. The main point being emphasized is that people should always come first in any emergency situation. Clear policies and procedures need to be established in order to ensure the safe evacuation of employees. This includes providing the necessary training to raise awareness and understanding of emergency protocol. Appointing a leader to oversee the evacuation and designated meeting places outside the building are also crucial in ensuring everyone gets out safely and preventing people from going back in to look for missing colleagues. It is important to have plans in place for disabled employees and those who need special assistance, as well as regular fire drills and evacuation drills to ensure the best outcome in emergency situations.
-
81. Personnel safety. Quiz
-
82. Domain 3 - What we covered. Video lecture
Congratulations on finishing Domain 3! This domain is made up of three distinct sections - Security Architecture and Design, Cryptography, and Physical Security. We covered a lot of information in this domain, including common security models, architecture and design, virtualization, clouds, and solutions that were used to protect our assets. We also discussed how computers work at a basic level and how they are segmented. We talked about the history of cryptography, different types of encryption, symmetric, asymmetric, hybrid, hashes, and attacks on cryptography and digital signatures. Finally, we covered physical security, which includes guards, gates, bollards, dogs, and other physical first-layer defenses that are crucial to our layered defense. We also discussed HVACs, power, data centers, and fire suppression. Remember, this domain is 25% of the entire curriculum, but only 13% of the exam questions, so it's important to review the material and ask questions if there's something you're not sure about. With that, we're done with this domain, and I'll see you in Domain 4.
-
83. (Bonus) Domain 3 - 30 practice questions. Quiz
-
84. Domain 3 links. Text
