Cramsession CISSP

By Oscar Duncan,2014-05-22 21:00
25 views 0
Cramsession CISSP

    CBK #1: Access Control Systems

    ? Definition: Access Control is the set of procedures (hardware, software, and administrators) used to

    monitor access to systems, identify users requesting access, record access attempts, and grant or deny

    access based on pre-established rules and policies

    ? Access Control List (“ACL”): An ACL is a register of (1) users who have been given permission to use an

    object and (2) the types of access they have been permitted

    ? Controls: Can be used to mitigate risks. Controls can relate to subjects (entities or individuals; active entity)

    or objects (files, systems, or other resources; passive entities). Controls can be preventive, detective, or

    corrective. These can be implemented by:

    o Administrative controls: Policies and procedures, disaster recovery plans, awareness training,

    security reviews and audits, background checks, review of vacation history, separation of duties,

    and job rotation

    o Logical or technical controls: Restrict access to systems and the protection of information.

    Encryption, smart cards, anti-virus software audit trails, log files, ACLs, biometrics, and

    transmission protocols (e.g., Kerberos, IPSec)

    o Physical controls: Guards and building security, biometric access restrictions, protection of cables,

    file backups

    Mnemonic: ALP = Administrative, Logical, and Physical controls ? Constrained User Interface Menus and shells; database views; and physically constrained user

    interfaces (limited number of buttons ATM machine). Depending on how implemented, the control could

    be either physical or logical

    ? Three types of access rules:

    o Mandatory access control (MAC): Authorization of subject’s access to an object depends on labels

    (sensitivity levels), which indicate a subject’s clearance, and the classification or sensitivity of the

    relevant object. Every object is assigned a sensitivity level/label and only users authorized up to

    that particular level can access the object. Access depends on rules and not by the identity of the

    subjects or objects alone. Only an administrator (not owners) may change the category of a

    resource. Orange Book B-level. Output must be labeled as to sensitivity level. Unlike permission

    bits or ACLs, labels cannot ordinarily be changed. Can’t copy a labeled file into another file with a

    different label. Rule based AC

    o Discretionary Access Control (DAC): Subject has authority, within certain limits, to specify what

    objects can be accessible (e.g., use of ACL). User-directed means a user has discretion. Identity-

    based means discretionary access control is based on the subject’s identity. Very common in

    commercial context because of flexibility. Orange Book C level. Relies on object owner to control

    access. Identity Based AC

    o Non-Discretionary Access Control: Administrator determines which subjects can have access to

    certain objects based on organization’s security policy. May be based on individual’s role in the

    organization (Role-Based) or the subject’s responsibilities or duties (Task-Based)

    ? Check summing. Have checksum of program files to see if they have been altered. Only should change

    when updates are installed. Use to find changes made by Superzap

    ? Intrusion Detection Systems (IDS):

    o To monitor network traffic or to monitor host audit logs to detect violations of security policy.

    Detects attacks by two major mechanisms: signature based ID (Knowledge-Based) or statistical

    anomaly-based ID (Behavior-based)

    o Two general types of IDS:

    ? Network-Based IDS: Doesn’t consume network or host resources. Reviews packets and

    headers. Monitors network traffic in real time. Won’t detect attacks against a host by a user

    logged in at the host’s terminal (only the network is monitored)

    ? Host-Based IDS: Reviews system and event logs to detect attack on host. Efficacy is

    limited by lack of completeness of most host audit log capabilities. Resident on centralized


    o In many instances, Network-Based IDS will be combined with Host-Based IDS to provide a more

    complete approach to protection

    o Clipping Level: Setting thresholds on a reported activity. Clipping level of three can be set for

    reporting failed workstation logon attempts. Three or fewer won’t result in a reported security


    ? Authentication:

    o Identification and authentication are keystones in access control. Authentication establishes an

    identity of a subject, but does not guarantee authorization. Compare authorization, which

    determines whether a user is permitted to perform some action or access a resource.

    Authentication and authorization are two separate processes

    o Three possible factors for authentication:

    ? Something you have (token, key to lock)

    ? Something you know (username and password)

    ? Something you are (biometrics) o Two factor authentication refers to the use of two of the three factors listed above

    o Methods of authentication: user name and password; x.509 certificate; biometrics; smart cards;


    o Problems with passwords: repudiable, insecure, easily broken

    o Password Management (composition, length, lifetime, source, ownership, distribution, storage,

    entry, transmission, and authentication period):

    ? Configure system to use string passwords

    ? Set password time and length limits

    ? Limit unsuccessful logins

    ? Limit concurrent connections

    ? Enable auditing

    ? Use last login dates in banners

    o Cognitive Passwords: Fact-based cognitive data for user authentication. Favorite color, movie,


    o Biometrics: No common Application Programming Interface (“API”). Three factors in evaluating a

    biometric access system: average enrollment time for users must be less than 2 minutes per user,

    throughput rate should be 6-10 subjects per minute, and acceptability (privacy, invasiveness, can

    be used to detect health problems, transmission of disease). Biometric file sizes range from 9

    bytes -10,000 bytes. Three main performance measurements of biometric systems:

    ? False Rejection Rate (FRR) or Type I Error: % valid subjects rejected. Too sensitive, too

    high of a FRR

    ? False Acceptance Rate (FAR) or Type II Error: % of invalid subjects falsely accepted. Not

    sensitive enough, too high of a FAR

    ? Crossover Error Rate (CER): % at which FRR=FAR. System with CER of 2% is more

    accurate than CER of 5%

    o Types of passwords: static passwords, dynamic passwords (changes with each login), one-time

    passwords. Pass Phrase converted by system into a virtual password o Tokens Two types: memory (no processing) or smart cards. Tokens may be used to generate

    static and dynamic passwords. Tokens can be in the form of a credit card like device, a calculator-

    like device, or a dongle attached to a USB port on a workstation. Four kinds of smart cards:

    ? Static Password Tokens: Owner authenticates himself to the token and token

    authenticates owner to the system

    ? Synchronous Dynamic Password Token: Token generates a new unique password at fixed

    time intervals, users enters unique password and username into system, system confirms

    password and username are correct and entered during allowed time interval

    ? Asynchronous Dynamic Password Token: Same as synchronous except no time


    ? Challenge-Response Token: System or workstation generates random number challenge,

    owner enters string into token along with proper PIN, token generates a response that is

    entered into the system

    o Single Sign-On (SSO): Kerberos, SESAME, KryptoKnight, and NetSP can provide SSO o Kerberos. Dog in Greek mythology guarding gates of hell. Software used in a network to establish

    user’s identity. Uses symmetric key encryption. Users/systems are given tickets that can be used

    to identify themselves to other systems and secret crypto keys are provisioned for secure

    communications. Three components: Key Distribution Center (KDC), Authentication Service (AS)

    exchange, and Ticket granting Service (TGS) exchange. Single point of potential failure,

    susceptible to replay attacks during allotted time window. Four basic steps:

    ? KDC knows secret keys of all clients and servers on network

    ? KDC initially exchanges information with the client and server by using the secret keys

    ? Kerberos authenticates a client to a requested service on a server through the TGS, and

    by issuing temporary symmetric session keys for communications between the client and

    KDC, the server and the KDC, and the client and server

    ? Communication then takes place between client and server using those temporary session


    o SESAME. Secure European System for Applications in a Multivendor Environment. Addresses

    weaknesses in Kerberos by using public key cryptography for distribution of secret keys

    o KryptoKnight. IBM developed, provides authentication, SSO, and key distribution services

    o Rule of Least Privilege: Any object (user, administrator, program, system) should have only the

    least privileges the object needs to perform its assigned task, and no more. AC system grants user

    only those rights necessary for them to perform their work. Example, valet key versus overall key

    to car. Authorization creep occurs when someone continues to retain access privileges associated

    with a former position. Users should be re-authorized after each position change

    o Accountability is also important to access control. Ability to use log files and other accounting

    mechanisms to track users and their activities

    o Methods of compensating for access control violations:

    ? Backups

    ? RAID

    ? Fault Tolerance

    ? Business Continuity Planning

    ? Insurance

    o Access Control Methodologies. Access control can be divided into two categories:

    ? Centralized Access Control: For dial-up users, the Remote Authentication Dial-in User

    Service (RADIUS) is used. Callback can be used in RADIUS (beware of hackers using

    call-forwarding). Challenge Handshake Authentication Protocol (CHAP) is also used. For

    networked applications, the Terminal Access Controller Access Control System (TACACS)

    employs a user ID and a static password for network access. TACACS is unencrypted

    ? Decentralized/Distributed Access Control: Use of databases to control access to

    information in a decentralized environment. Relational database models have three parts:

    (1) data structures called tables or relations; (2) integrity rules on allowable values and

    value combinations in the tables; and (3) operators on the data in the tables. Fundamental

    entity is the relation (table or set of columns in table). With “attributes” (columns), having

    permissible values, specific attribute is “key” with unique values, occurring in “instances” or

    tuples (rows). Cardinality is the number of rows in the table. Degree is the number of

    columns in the table. Primary key is unique identifier in table that points to a tuple; subset

    of candidate keys. Candidate key is an attribute that is a unique identifier within a given

    table. If attribute in one relation has values that match primary key in another relation, this

    attribute is called a foreign key. Security is provided through views. Description of the

    database is called a schema, which is defined by the Data Description Language (DDL).

    Primary key is chosen from set of candidate keys. A domain of a relation is the set of

    allowable values that an attribute can take on. The database management system (DBMS)

    is the software that maintains and provides access to the database. Relational is used for

    information in text form. Graphics, video, and multimedia are more suited to an Object-

    Oriented Data Base (OODB). There is also the hybrid, called the Object-Relational DB

    CBK #2: Telecommunications and Network Security

    ? IDS: Not a preventive function

    o Network Based Usually consist of network appliance with Network Interface Card (“NIC”)

    operating in promiscuous mode to intercept packets in real time

    o Host Based Small programs (agents) reside on host and monitor OS. Write log files and trigger

    alarms, only detects activity on host not the network

    o Knowledge-Based (Signature) Most common system. Low false alarms, resource intensive

    (continually update knowledge base), new or original attacks go unnoticed

    o Behavior Based (Statistical anomaly) Dynamically adapts to new vulnerabilities, high incidence of

    false alarms

    ? Computer Incident Response Team (“CIRT”): Analysis of event notification; response to incident, escalation path, resolution and post-incident follow-up. Link user support and incident handling

    ? Redundant Array of Independent (Inexpensive) Disks (“RAID”): Can be implemented in hardware or

    software. Three classifications of RAID, only Failure Resistant Disk Systems (FRDS) have been

    implemented. There are ten levels of RAID. RAID 0 stripes only data; RAID 1 does disk mirroring; and

    RAID level 5, which is the most popular implementation, stripes data and parity information

    ? Port Protection Device: Protects port from unauthorized use. Uses DES one-time PW challenge

    ? Redundant Servers (mirroring) versus Server Clustering (servers are managed as single system, all are

    online and working)

    ? Cabling: Exceeding effective length is a common problem

    o Coaxial. 50 ohm and 75 ohm. Baseband carries only one channel. Broadband carries several

    channels. BNC connector

    o Twisted pair. Wires can be shielded (STP) or unshielded (UTP). Categories the higher the

    category the more tightly wound the wire, giving greater protection from interference. Category 5 is

    for fast Ethernet of 100 Mbps. STP used in Token Rings. RJ 45 connector

    o Fiber Optic. Most resistant to interference. SC connector\

    ? LAN Transmission Methods: Unicast, multicast, broadcast

    ? LAN Topologies: Bus, Ring, Star, Tree, and Mesh

    ? Ethernet: 10BaseT is 10Mbps, 100BaseT is 100Mbps

    Specification Cable Type Max Length

    10BaseT UTP 100 meters

    10Base2 Thin Coax (Thinnet) 185 meters

    10Base5 Thick Coax (Thicknet) 500 meters

    10BaseF Fiber 2000 meters ? Network topologies

    o Ethernet

    o Token Ring

    o Fiber Distributed Data Interface (FDDI) token ring passing media with dual rings ? Trivial File Transfer Protocol (TFTP): use for saving setups and configuration files on routers and other


    ? Trusted Network Interpretation (TNI) Department of Defense Red Book. Extended the Orange Book to


    ? Wide Area Network (WAN)

    o Private Circuit Technologies: dedicated line, leased line, PPP, SLIP, ISDN, DSL

    o Packet Switched technologies: X.25, Frame Relay (fastest WAN protocol, no error correction),

    Asynchronous Transfer Mode (ATM) (data travels in fixed sizes called cells), Synchronous Data

    Link Control (SDLC, mainframe), High Level Data Link Control (HDLC, serial link), High Speed

    Serial Interface (HSSI). More cost effective than dedicated circuits because they can create virtual

    circuits, which are used as needed

    o Protocols:

    ? High-level Data Link Control (HDLC). Layer 2 of OSI model. Uses frames

    ? High Speed Serial Interface (HSSI). Short distance, 50 feet

    o Remote Node Security Protocols: Password Authentication Protocol (PAP, standard authentication

    method, password and username sent in the clear) and CHAP. TACACS, TACACS+ (two factor

    ID), and RADIUS provide central database, which maintains user lists, passwords, user profiles

    that can be accessed by remote access equipment on the network. Systems are “standards-

    based” meaning they are interoperable with other systems of the same type. RADIUS cannot

    provide two-way authentication

    o Data encapsulation is process in which information from one packet is wrapped around or attached

    to the data of another packet. In OSI model each layer encapsulates the layer immediately above it

    o Open Systems Interconnect (OSI) Model from International Standards Organization (ISO):

    Layer 7 Application Security: confidentiality,

    authentication, data integrity, non-

    repudiation. Technology:

    gateways. Protocols: FTP, SNMP,


    Layer 6 Presentation Security: confidentiality,

    authentication, encryption.

    Technology: gateway

    Layer 5 Session Security: None. Technology:

    gateways. Protocols: RPC and


    Layer 4 Transport Security: confidentiality,

    authentication, integrity.

    Technology: gateways. Protocols:

    TCP and UDP, SSL and SSH-2

    Layer 3 Network Security: confidentiality,

    authentication, data integrity.

    Technology: virtual circuits,

    routers. Protocols: IP and IPSec.


    Layer 2 Data Link Security: confidentiality.

    Technology: bridges, switch.

    Protocols: HDLC, PPTP, L2F, and

    L2TP, Token ring and Ethernet,

    PPP and SLIP

    Layer 1 Physical Security: confidentiality.

    Technology: ISDN, repeaters,

    hubs. Protocols: IEEE 802 and

    802.2. X.21 and HSSI

    o Memory Aid. When learning the features of each OSI layer, think in terms of what security,

    technology, and protocols each offers. Although it is not entirely correct to group the capabilities of

    the various layers in this way, it makes memorizing them much easier

    ? DOD or TCP/IP Model

    Layer 4 Application Layer

    Layer 3 Host-to-Host TCP and UDP Layer 2 Internet IP, ARP, RARP, and

    ICMP Layer 1 Network Access


    ? Transmission Control Protocol (“TCP”) v. User Datagram Protocol (“UDP”):


    Acknowledged Unacknowledged

    Sequenced Subsequence



    Reliable Unreliable

    High overhead Low overhead (faster)

    ? Firewalls Types: Basic default should be to deny all traffic unless expressly permitted

    o Packet Filtering (screening router). Examines source and destination address of IP packet. Can

    deny access to specific applications or services based on ACL. First generation firewall. Operates

    at network or transport layer

    o Application Level Firewall (proxy server; application layer gateway). Second generation. Reduces

    network performance. Circuit level firewall is a variation, creates virtual circuit between client and


    o Stateful Inspection Firewall. Third generation. Packets are captured by an inspection engine. Can

    be used to track connectionless protocols like UDP

    o Dynamic Packet Filtering Firewalls. Mostly used for UDP. Fourth generation ? Firewall Architectures

    o Packet filtering routers

    o Screened host systems. Uses packet filtering router and a bastion host. Provides both network

    layer packet filtering and application layer proxy services

    o Dual Homed Host Firewalls. Single computer with two NICs, one connected to trusted network and

    other connected to Internet (or untrusted network)

    o Screened Subnet Firewalls. Two packet filtering routers and a bastion host. Provides Demilitarized

    Zone (“DMZ”)

    ? Virtual Private Network (“VPN”). Creates secure communications link using a secret encapsulation

    method. Link is called a secure encrypted channel, more accurately an encapsulated tunnel, because

    encryption may or may not be used. Protocols:

    o Point to point tunneling protocol (PPTP). Based on Point-to-Point Protocol (“PPP”). Primarily a dial-

    in protocol. Data link layer (Layer 2). Not limited to IP packets

    o Layer 2 Forwarding (L2F). Based on PPP. Dial in. Data link layer (Layer 2). Not limited to IP


    o Layer 2 Tunneling Protocol (L2TP). Based on PPP. Dial in. IETF wants L2TP to be standard. Data

    link layer (Layer 2). Not limited to IP packets

    o IPSec. Used LAN to LAN. Network Layer (Layer 3). Limited to IP packets. IPSec devices have two


    ? Tunnel mode entire data packet is encrypted and encased in an IPSec packet

    ? Transport mode only the datagram is encrypted, not the header ? Network requirements: NIC, transmission medium (copper, fiber, wireless), Network Operating System

    (“NOS”), and a LAN device to physically connect the computers (e.g., hub, bridge, router, switch)

    ? Repeater. Hub (concentrator). Bridge forwards data to all other network segments. Switch sends data to

    specific port where destination Media Access Control (“MAC”) address is located. Router

    ? CAN Campus Area Network

    ? Network Abuse Classes:

    o Class A Unauthorized access of restricted resources by circumvention of access controls

    o Class B Unauthorized use for non-business purposes

    o Class C -- Eavesdropping

    o Class D Denial of service or other service interruptions

    o Class E Network Intrusion

    o Class F -- Probing

    ? Local Area Network (“LAN”)

    o Address Resolution Protocol (ARP). Resolves 32 bit IP address to 48 bit MAC Ethernet address

    o Reverse Address Resolution Protocol (RARP). Ethernet MAC address to IP address

    ? Backup Concepts (must ensure physical security of backups):

    o Full

    o Incremental only copies files that have been added or changed that day

    o Differential only files that have been changed since last backup

    ? Tape Formats

    Properties Digital Quarter Inch 8mm Digital Linear

    Audio Tape Cartridge Tape Tape (DLT)

    (DAT) (QIC) drives

    Capacity 4GB/12GB 13 GB 20GB 20/35GB Max 1MBps 1.5MBps 3MBps 5MBps transfer


    Cost Medium low Medium High

CBK #3: Security Management Practices

    ? Primary Concepts: CIA Confidentiality, Integrity, and Availability. Opposite is DAD Destruction,

    Alteration, and Disclosure

    o Confidentiality

    o Integrity: Three principles to establish integrity controls: (i) granting access on need-to-know basis;

    (ii) separation of duties; and (iii) rotation of duties. Types of integrity:

    ? Modifications made by unauthorized personnel or processes

    ? Unauthorized modifications by authorized personnel or processes

    ? Internal and external consistency of data

    o Availability fault tolerance, backups

    ? Secondary Concepts

    o Identification Means by which users identify themselves to the system

    o Authentication Testing or reconciliation of evidence of user’s identity

    o Accountability System ability to determine actions of user within the system and to identify the

    user. Audit trails (must be secured) and log files

    o Authorization Rights and permissions granted to a user or process. ACL

    o Privacy Level of confidentiality and privacy protection of a user

    ? Audit trails: user accountability; reconstruction of events, intrusion detection, and problem analysis. Audit

    records: keystroke monitoring/logging and event-oriented logs. Protect integrity by requiring digital

    signatures to access, set up as write once. Use software for rapid analysis.

    ? Security Awareness Training: Awareness (Light: what, recognition, information), training (deeper: how, skill,

    knowledge), and education (deepest: why, understanding, insight).

    ? Most important question to ask in evaluating access control security is how much it is going to cost to not

    protect the valuable information.

    ? Risk Management (RM): Prime objective of security controls is to reduce effects of threats and

    vulnerabilities to a level that is tolerable (i.e., mitigate risk). Risk Analysis (RA). A “risk” is a potential harm

    or loss to a system; the probability that a threat will materialize.

    o Identifying risks:

    ? Actual threat

    ? Possible consequences if threat is realized

    ? Probable frequency of occurrence of threat

    ? Confidence threat will happen

    o Key Terms

    ? Asset resource, process, product, system, etc. Value is composed of cost of creation,

    development, license, support, replacement, public credibility, considered costs, lost

    intellectual property if disclosed, and ownership values.

    ? Threat Any event that causes undesirable impact on organization. Data classification,

    info warfare, personnel, criminal, application, operational

    ? Vulnerability Absence of safeguard constitutes vulnerability. RM triple: Asset, threat, and


    ? Safeguard control or countermeasure to reduce risk associated with a threat. Absence of

    safeguard creates a vulnerability. Look at cost/benefit analysis of deploying safeguard.

    Include impact on organization of implementing safeguard. Safeguard must include ability

    to audit. Value to organization of safeguard = ALE (Annualized Loss Expectancy before

    implementation) ALE (after implementation) Annualized safeguard cost. During or after

    activation or reset: no asset destruction, no covert channel access to or through control; no

    security loss or increase in exposure, and defaults to state that does not enable any

    operator access or rights until controls fully operational

    ? Exposure Factor (EF) Percentage loss a realized threat would have on an asset.

    Hardware failure on critical system may result in 100% loss

    ? Single Loss Expectancy (SLE) Loss from a single threat. SLE = Asset Value($) x EF

    ? Annualized Rate of Occurrence (ARO) Estimated frequency in which a threat is expected

    to occur. Range from 0 (never) to a large number (minor threats, such as misspellings)

    ? Annualized Loss Expectancy (ALE) ALE = SLE x ARO

    o Elements of RA

    ? Quantitative RA Assigns objective dollar cost

    ? Qualitative RA intangible values of data loss and other issues that are not pure hard


    ? Asset Valuation Process

    ? Safeguard Selection

    o RA Steps

    ? Identify Assets: Estimate potential losses to assets by determining their values

    ? Identify Threats: Analyze potential threats to assets

    ? Calculate risk: Define ALE

    o Remedies: Risk reduction, risk transference (transferring cost of loss to another party; i.e.,

    insurance company), and risk acceptance

    ? Information Classification

    o Prevent unauthorized disclosure and failure of confidentiality. Demonstrates due diligence,

    identifies most sensitive info, regulatory compliance, etc. SBU: Sensitive, but unclassified

    o Lattice model: Every resource and user is associated with one of an ordered set of classes.

    Resources of a particular class may only be accessed by those whose associated class is as high

    or higher than that of the resource

    o Bell-LaPadula Model (Orange Book): Most common model. Defines relationships between objects

    and subjects. Relationships are described in terms of a subject’s assigned level of access or

    privilege (security clearance) and the object’s level of sensitivity (security classification). Enforces

    lattice principle, which specifies that subjects are allowed write access to objects at the same or

    higher level as the subject, read access to objects at the same or lower level, and read/write

    access to only those objects at the same level as the subject. Example of MAC

    o DOD information classifications levels: Unclassified, confidential, secret, top secret

    o Classification criteria for information: Value, Age, Useful Life, Personally Identifiable

    o Procedures:

    ? Identify administrator/custodian

    ? Specify classification criteria

    ? Classify by owner

    ? Specify exceptions to classification policy

    ? Specify controls for each classification level

    ? Specify procedures for declassifying or transferring custody to another entity

    ? Enterprise awareness program re classification controls

    o Information Roles: Owner (officer or manager), Custodian (day-to-day responsibility for data

    protection; IT person), and End User (uses info as part of job)

    ? Policies (senior management, regulatory, advisory, informative), standards (use of specific technologies in

    a uniform way), guidelines (recommend actions, but are not compulsory), and procedures (steps to perform

    a specific task in compliance with a mandatory standard).

    Mnemonic: PSGP

    CBK #4: Applications and Systems Development

    ? Software development models: Simplistic, Waterfall (limited to one stage of re-work), Modified Waterfall

    (development phases end on milestones), and Spiral (four quadrants: requirements, objective, planning,

    risk analysis). Spiral Angular dimension is progress made in completing project. Radial dimension is

    cumulative cost of project. Barry Boehm developed development models. Using live data is not appropriate.

    Live data may not exercise all functions, including out of range and other invalid types. The programmers

    should not do testing

    ? Maintenance phase: Request control, change control, and release control

    ? Configuration Management: British Standards Institute 7799: tracking and issue of new versions. A

    configuration item is a component whose state is to be recorded and against which changes are to be

    progressed. Configuration control controls changes to the configuration items and issues versions of the

    items from the software library. Two goals: (1) ensuring changes to system do not unintentionally or

    unknowingly effect security; and (2) ensuring changes to system are reflected in documentation

    ? Software cycle:

    o Verification: Evaluate product in development against the specification

Report this document

For any questions or suggestions please email