The principal mechanism for ensuring secure communication is that of a secure channel.
A security policy descibes precisely which actions the entities in a system are allowed to take.
Security means Dependibility. i.e.
1 - Reliability
2 - Availibity
3 - Maintainablity
4 - Trust(Security)
4.1 - Confidentiality
4.2 - Integrity
Factors for Security
1 - Confidentiality
2 - Integrityy
3 - Availibility
Threats For Security
1 - Interception (unauthorized x confidential)
2 - Interruption (unavailable x available)
3 - Modification (unauthorized x integrity by authentication)
4 - Fabrication (modification of data)
Basic Security Mechanism :
1 - Encryption
2 - Authentication
3 - Authorization
4 - Auditing
Things/Assets to be protected
1 - Data
2 - Hardware
3 - Software
Controlling levels :
1 - User level : Software - Authentication and Encryption
Hardware - Smart Card etc.
2 - Program level : Writing Secure Code, by OS, Policies, Administration, Auditing
3 - OS level : Memory, File, user Authentication(PWD OR Challenge Response), AccessControl
4 - Network level : Hardware - Firewall, Caling, IDS
Software - Encryption.
5 - Database level : Query, Recoed, Storage Media
6 - Admin Level : Organize, Authorize, Manage, AccessControl, Audit
7 - Legal, Policy, Ethical
Friday, July 21, 2006
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment