Design for Security
Pepper
Types of Security Threats
• Confidentiality of the system and data
• Integrity of the system and data
• Availability of the system and data
Common Workplace Holes
• Easy-to-guess passwords
• Not installing protection software
Ways to Protect
• Vulnerability avoidance
  • Don't connect to the internet
  • Password changes (but not so often that people write them down)
  • Encryption
• Attack detection and neutralization
  • Monitor operation
  • Alert on unusual patterns of activity
  • Shut down a part of the system or deny access to certain users
• Exposure limitation and recovery
  • Automated backup or mirror
  • Insurance policies
Firesmith: 10 types of security requirements
• Identification - whether a system should identify its users (for inquiry and/or change)
• Authentication - how to verify that users are who they claim to be
• Authorization - who can do what
• Immunity - how to protect against malware
• Integrity - how data corruption can be avoided
• Intrusion detection - what mechanisms should be used to detect attacks
• Non-repudiation - ensure that no party to a transaction can later deny its involvement
• Privacy - keep data private if it should not be shared
• Security auditing - how to audit and check that the system is secure
• System maintenance - prevent unauthorized changes to production systems
Assessment
• Decide what to invest in protection based upon
  • the likelihood of the problem occurring
  • the level of damage a security breach would cause
• There are mathematical models to help you assess and compare the likelihood and level of problems.
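The slide names the two inputs to an investment decision (likelihood and level of damage) without showing how they combine. The following added example, which is not part of the deck, uses the simplest such model: expected annual loss = likelihood (occurrences per year) × impact (loss per occurrence), then ranks threats by it and checks whether a control pays for itself. The threats, their estimates and the control costs are constructed illustrative values, not figures from the slides.

```python
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Threat:
    """One threat with its two estimated inputs (constructed values)."""
    name: str
    likelihood: float  # expected occurrences per year
    impact: float      # loss per occurrence, in currency units

    def expected_loss(self) -> float:
        # Expected annual loss: how much this threat costs us on average per year.
        return self.likelihood * self.impact


# Constructed sample threats drawn from the deck's "common workplace holes".
THREATS: List[Threat] = [
    Threat("weak passwords guessed", likelihood=2.0, impact=5_000.0),
    Threat("malware via unpatched workstation", likelihood=0.5, impact=40_000.0),
    Threat("data-centre outage", likelihood=0.1, impact=150_000.0),
]


def rank_by_expected_loss(threats: List[Threat]) -> List[Threat]:
    """Highest expected annual loss first: the order in which to spend."""
    return sorted(threats, key=lambda t: t.expected_loss(), reverse=True)


def worth_investing(threat: Threat, annual_control_cost: float, reduction: float) -> bool:
    """True if a control costing annual_control_cost per year, which removes the
    fraction `reduction` (0..1) of the threat's expected loss, saves more than it costs."""
    if not 0.0 <= reduction <= 1.0:
        raise ValueError("reduction must be a fraction between 0 and 1")
    return threat.expected_loss() * reduction > annual_control_cost


if __name__ == "__main__":
    for t in rank_by_expected_loss(THREATS):
        print(f"{t.name:40s} expected loss/year: {t.expected_loss():>10,.0f}")
    # Patching costs 5,000/year and is assumed to halve the malware risk.
    print("patching worth it:", worth_investing(THREATS[1], 5_000.0, 0.5))
    # A second site costs 20,000/year and is assumed to remove 80% of outage loss.
    print("second site worth it:", worth_investing(THREATS[2], 20_000.0, 0.8))
```

The ranking is only as good as the two estimates feeding it; the point of the exercise is to make those estimates explicit so they can be argued about, rather than to produce a precise number.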
Secure System Design Guidelines
• Base security decisions on an explicit security policy - write it if it does not exist
• Avoid a single point of failure
• Fail securely
• Balance security and usability
• Log user actions
• Use redundancy and diversity to reduce risk
• Validate all inputs (buffer overflow, SQL injection …)
• Compartmentalize your assets
• Design for deployment
• Design for recoverability
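Three of these guidelines (validate all inputs, fail securely, log user actions) can be shown in a few lines. The example below is added here and is not from the deck: it builds a small in-memory SQLite table of users and contrasts a lookup that concatenates the user name into the query with one that rejects anything outside an explicit allow-list pattern, passes the value as a bound parameter, logs the rejection, and returns "no role" rather than guessing. The table contents, the user-name pattern and the role names are constructed for the example.

```python
import logging
import re
import sqlite3
from typing import Optional

log = logging.getLogger("design_for_security")

# Allow-list for user names (constructed policy): lowercase letter, then 2..31
# lowercase letters, digits or underscores. Anything else is rejected outright.
USERNAME_RE = re.compile(r"^[a-z][a-z0-9_]{2,31}$")


def setup_db() -> sqlite3.Connection:
    """Constructed sample data: two users and their roles in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)", [("alice", "admin"), ("bob", "user")]
    )
    return conn


def lookup_role_unsafe(conn: sqlite3.Connection, name: str) -> Optional[str]:
    """Deliberately vulnerable: the caller's input becomes part of the SQL text,
    so a value containing quotes changes the query itself (the SQL injection
    the slide warns about). Kept only as the 'before' of the fix."""
    row = conn.execute(f"SELECT role FROM users WHERE name = '{name}'").fetchone()
    return row[0] if row else None


def lookup_role(conn: sqlite3.Connection, name: str) -> Optional[str]:
    """Hardened lookup following the slide's guidelines."""
    # Validate all inputs: reject anything that is not a well-formed user name.
    if not USERNAME_RE.fullmatch(name):
        # Log user actions: record the rejection (repr keeps control characters visible).
        log.warning("rejected malformed user name %r", name)
        # Fail securely: no role is granted when the input cannot be trusted.
        return None
    # Bound parameter: the driver sends the value separately from the SQL text,
    # so it can never be interpreted as part of the query.
    row = conn.execute("SELECT role FROM users WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    conn = setup_db()
    print("alice ->", lookup_role(conn, "alice"))
    malformed = "' OR '1'='1"
    # The unsafe version returns a role for a user that does not exist;
    # the hardened version rejects the input and returns None.
    print("unsafe:", lookup_role_unsafe(conn, malformed))
    print("hardened:", lookup_role(conn, malformed))
```

The allow-list check and the bound parameter are independent defences: the parameter alone stops the query from being altered, while the allow-list keeps junk out of the logs and the database and gives a clear place to raise an alert when unusual input arrives.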
Summary
• Types of security threats - confidentiality, integrity, availability
• Protection - avoid vulnerabilities; detect and neutralize attacks; ensure recovery
• 10 security requirements to consider
• Weigh the risk and the level of damage a breach would cause