Friday, July 21, 2006

something about Security

The principal mechanism for ensuring secure communication is that of a secure channel.

A security policy describes precisely which actions the entities in a system are allowed to take.

Security means dependability, i.e.
1 - Reliability
2 - Availability
3 - Maintainability
4 - Trust (Security)
  4.1 - Confidentiality
  4.2 - Integrity

Factors for Security
1 - Confidentiality
2 - Integrity
3 - Availability

Threats For Security
1 - Interception (unauthorized x confidential)
2 - Interruption (unavailable x available)
3 - Modification (unauthorized x integrity by authentication)
4 - Fabrication (modification of data)

Basic Security Mechanisms :
1 - Encryption
2 - Authentication
3 - Authorization
4 - Auditing

Things/Assets to be protected
1 - Data
2 - Hardware
3 - Software


Controlling levels :
1 - User level : Software - Authentication and Encryption
  Hardware - Smart Card etc.
2 - Program level : Writing Secure Code, by OS, Policies, Administration, Auditing
3 - OS level : Memory, File, User Authentication (PWD or Challenge Response), Access Control
4 - Network level : Hardware - Firewall, Cabling, IDS
        Software - Encryption.
5 - Database level : Query, Record, Storage Media
6 - Admin level : Organize, Authorize, Manage, Access Control, Audit
7 - Legal, Policy, Ethical
