Page 922 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 922
Miscellaneous Security Control
Characteristics
When you’re selecting or deploying security controls for network
communications, you need to evaluate numerous characteristics in
light of your circumstances, capabilities, and security policy. We
discuss these issues in the following sections.
Transparency
Just as the name implies, transparency is the characteristic of a
service, security control, or access mechanism that ensures that it is
unseen by users. Transparency is often a desirable feature for security
controls. The more transparent a security mechanism is, the less likely
a user will be able to circumvent it or even be aware that it exists. With
transparency, there is a lack of direct evidence that a feature, service,
or restriction exists, and its impact on performance is minimal.
In some cases, transparency may need to function more as a
configurable feature than as a permanent aspect of operation, such as
when an administrator is troubleshooting, evaluating, or tuning a
system’s configurations.
Verify Integrity
To verify the integrity of a transmission, you can use a checksum
called a hash total. A hash function is performed on a message or a
packet before it is sent over the communication pathway. The hash
total obtained is added to the end of the message and is called the
message digest. Once the message is received, the hash function is
performed by the destination system, and the result is compared to the
original hash total. If the two hash totals match, then there is a high
level of certainty that the message has not been altered or corrupted
during transmission. Hash totals are similar to cyclic redundancy
checks (CRCs) in that they both act as integrity tools. In most secure
transaction systems, hash functions are used to guarantee
communication integrity.
