1 / 7

Security

Security. Security is a measure of the system’s ability to protect data and information from unauthorized access while still providing access to people and system that are authorized. Security characteristics: Confidentiality: data or services are protected from unauthorized access.

merv
Download Presentation

Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security • Security is a measure of the system’s ability to protect data and information from unauthorized access while still providing access to people and system that are authorized. • Security characteristics: • Confidentiality: data or services are protected from unauthorized access. • Integrity: data or services are not subject to unauthorized manipulation. • Availability: the system will be available for legitimate use. • Authentication: verifies the identities of the parties to transactions and checks if they are truly who they claim to be. • Nonrepudiation: guarantees that the sender of a message cannot later deny having sent the message, and the recipient cannot deny having received the message. • Authorization: grants a user the privileges to perform a task.

  2. Security

  3. Security Tactics

  4. Security Tactics • Detect Attacks • Detect intrusion: by comparison of network traffic or service request patterns within a system to a set of signatures or known patterns of malicious behavior stored in a database. • Detect service denial: by comparison of the pattern or signature of network traffic coming into a system to historical profiles of known denial-of-service attacks. • Verify message integrity: by employing techniques such as checksums or hash values to verify of messages, resource files, deployment files, and configuration files. • Detect message delay: detect potential man-in-middle attacks, where a malicious party is intercepting (and possibly modifying) messages, by checking the time that it takes to deliver a message.

  5. Security Tactics • Resist Attacks • Identity actors: identify the source of an external input to the system • Authenticate actors: ensure that an actor (user or computer) is actually who or what it purports to be. • Authorize actors: ensure that an authenticated actor has the rights to access ad modify either data or services. • Limit access: limiting access to computing/hardware resources. • Limit exposure: minimize the attack surface of a system by having the least possible number of access points for resources, data, or services and reducing the number of connectors that may provide unanticipated exposure. • Encrypt data: to provide extra protection to persistently maintained data beyond that available from authorization. • Separate entities: separate sensitive and non-sensitive data by physical separation on different computers, to reduce the attack possibility from non-sensitive data users. • Change default settings: to prevent attackers from gaining access to the system through settings that are generally publicly available.

  6. Security Tactics • React to Attacks • Revoke access: when an attack is underway, access can be severely limited to sensitive resources, even for normally legitimate users and uses. • Lock computer: limit access from a particular computer if there are repeated failed attempts to access an account from that computer. • Inform actors: the relevant actors must be notified when the system has detected an attack.

  7. Security Tactics • Recover from Attacks • Maintain audit trail • Restore (same as availability tactics)

More Related