CIA Triad
• Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to
guide policies for information security within an organization. The model is also sometimes
referred to as the AIC triad (availability, integrity and confidentiality) to avoid confusion with the
Central Intelligence Agency. The elements of the triad are considered the three most crucial
components of security.
• Confidentiality: is roughly equivalent to privacy. Measures undertaken to ensure confidentiality are
designed to prevent sensitive information from reaching the wrong people, while making sure that the right
people can in fact get it.
• Integrity : Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its entire
life cycle. Data must not be changed in transit, and steps must be taken to ensure that data cannot be
altered by unauthorized people (for example, in a breach of confidentiality). These measures include file
permissions and user access controls. Version control may be used to prevent erroneous changes or
accidental deletion by authorized users from becoming a problem.
• Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs
immediately when needed and maintaining a correctly functioning operating system environment that is
free of software conflicts. It’s also important to keep current with all necessary system upgrades.
Providing adequate communication bandwidth and preventing the occurrence of bottlenecks are equally
important.
• Threats
A threat is anything that can disrupt the operation, functioning, integrity, or availability of a network or system. There are
different categories of threats. There are natural threats, occurrences such as floods, earthquakes, and storms. There are
also unintentional threats that are the result of accidents and stupidity. Finally, there are intentional threats that are the
result of malicious intent. Each type of threat can be deadly to a network.
• Vulnerabilities
A vulnerability is an inherent weakness in the design, configuration, or implementation of a network or system that renders it
susceptible to a threat. Most vulnerabilities can usually be traced back to one of three sources:
1. Poor design: Hardware and software systems that contain design flaws that can be exploited. In essence, the systems are
created with security holes. An example of this type of vulnerability would be the "sendmail" flaws in early versions of Unix.
The sendmail flaws allowed hackers to gain privileged "root" access to Unix systems.
2. Poor implementation: Systems that are incorrectly configured, and therefore vulnerable to attack. This type of vulnerability
usually results from inexperience, insufficient training, or sloppy work. An example of this type of vulnerability would be a
system that does not have restricted-access privileges on critical executable files, thereby allowing these files to be altered
by unauthorized users.
3. Poor management: Inadequate procedures and insufficient checks and balances. Security measures cannot operate in a
vacuum; they need to be documented and monitored. Even something as simple as the daily backup of a system needs to be
verified. There also needs to be delineation of responsibility for some functions and dual custody for others. In this manner,
an organization can ensure that procedures are being followed and that no one person has total control of a system.
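As an added defender's check for the "poor implementation" case above (example code written for this page, not from any product or author it mentions): a small audit that walks a directory tree and reports executables that group or world can modify. The sample tree, file names and modes are constructed for the demonstration.

```python
import os
import stat
import tempfile

# Dangerous in combination: executable by anyone AND writable by users
# other than the owner (group or world). Either bit alone is not flagged.
EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
LOOSE_WRITE_BITS = stat.S_IWGRP | stat.S_IWOTH


def find_loosely_writable_executables(root):
    """Return sorted paths (relative to root) of regular files that are
    executable and group- or world-writable: a configuration defect."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices, sockets
            if st.st_mode & EXEC_BITS and st.st_mode & LOOSE_WRITE_BITS:
                findings.append(os.path.relpath(path, root))
    return sorted(findings)


def demo():
    """Constructed sample tree: one correct and two misconfigured scripts."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "bin"))
    samples = {
        "bin/backup.sh": 0o755,  # executable, owner-only write: fine
        "bin/rotate.sh": 0o777,  # world-writable executable: finding
        "bin/deploy": 0o775,     # group-writable executable: finding
        "notes.txt": 0o666,      # writable but not executable: not flagged
    }
    for rel, mode in samples.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\necho hi\n")
        os.chmod(path, mode)  # chmod is not affected by the umask
    return find_loosely_writable_executables(root)


if __name__ == "__main__":
    for item in demo():
        print("loosely writable executable:", item)
```

The same walk can be pointed at a real system directory; only the mode bits are inspected, so it is safe to run read-only.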
User Authentication
• User authentication is a process that allows a device
to verify the identity of someone who connects to a
network resource. There are many technologies
currently available to a network administrator to
authenticate users. Fireware operates with
frequently used applications, including RADIUS,
Windows Active Directory, LDAP, and token-based
SecurID. The Firebox also has its own authentication
server. You can use the Firebox authentication
features to monitor and control connections
through the Firebox.
Authentication is very important when you use
dynamic IP addressing (DHCP) for computers on the
trusted or optional network. It is also important if
you must identify your users before you let them
connect to resources on the external network.
Because the Firebox® associates a user name to an
IP address, we do not recommend that you use
authentication features in a network with multi-
user computers such as Unix servers, terminal
servers or Citrix servers. The Firebox authenticates
one user per computer.
Access Control
• Access control is a security technique that can be used to regulate who or what can view or use
resources in a computing environment.
• There are two main types of access control: physical and logical. Physical access control limits
access to campuses, buildings, rooms and physical IT assets. Logical access limits connections to
computer networks, system files and data.
• Mandatory access control
• Role based access control
• Rule based access control
• Discretionary access control
Password manager, Privileged user management
• A password manager is a software application or hardware that helps a user store and
organize passwords. Password managers usually store passwords encrypted, requiring the user to
create a master password: a single, ideally very strong password which grants the user access to
their entire password database. Some password managers store passwords on the user's
computer (called offline password managers), whereas others store data in the provider's cloud
(often called online password managers). However, offline password managers also offer data
storage in the user's own cloud accounts rather than the provider's cloud.
• Privileged User Management (PUM), also known as “Superuser Privilege
Management” (SUPM), controls access to the administrative accounts that exist
on operating systems, applications, and databases that are used to install,
configure, administer, and manage these platforms. It also limits how long access
is granted to these accounts and provides a complete audit trail of this activity.
Data Protection
• Protecting sensitive data is the end goal of almost all IT security measures. Two
strong arguments for protecting sensitive data are to avoid identity theft and
to protect privacy. The improper disclosure of sensitive data can also cause harm
and embarrassment to students, faculty, and staff, and potentially harm the
reputation of the Institute. Therefore, it is to everyone's advantage to ensure that
sensitive data is protected.
• Plan ahead
• Know your Data
• Scale Down
• Lock up
Cryptography
• Cryptography is a method of storing and transmitting data in a particular form so that
only those for whom it is intended can read and process it. Cryptography is closely
related to the disciplines of cryptology and cryptanalysis. Cryptography includes
techniques such as microdots, merging words with images, and other ways to hide
information in storage or transit.
• Confidentiality (the information cannot be understood by anyone for whom it
was unintended)
• Integrity (the information cannot be altered in storage or transit between sender
and intended receiver without the alteration being detected)
• Non-repudiation (the creator/sender of the information cannot deny at a later
stage his or her intentions in the creation or transmission of the information)
• Authentication (the sender and receiver can confirm each other's identity and
the origin/destination of the information)
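An added example, not from the original slides, showing the integrity and authentication goals listed above in working code: a keyed MAC lets the receiver detect an altered message, whereas an unkeyed hash does not. The key and messages are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets


def tag_message(key, message):
    """Integrity and authentication in one step: only a holder of `key`
    can produce a tag that verifies for this exact message."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_message(key, message, tag):
    """Constant-time comparison, so timing does not leak how much of the tag matched."""
    return hmac.compare_digest(tag_message(key, message), tag)


def verify_unkeyed(message, digest):
    """Plain hash check: detects accidental corruption only."""
    return hashlib.sha256(message).hexdigest() == digest


def demo():
    # Constructed scenario: a key shared in advance, one message in transit.
    key = secrets.token_bytes(32)
    original = b"transfer 100 EUR to account 1234"
    altered = b"transfer 900 EUR to account 1234"  # one digit changed en route

    tag = tag_message(key, original)
    untouched_accepted = verify_message(key, original, tag)  # True
    altered_accepted = verify_message(key, altered, tag)     # False: detected

    # With an unkeyed hash, whoever changes the message can also recompute
    # the digest, so the receiver has no way to notice the alteration.
    forged_digest = hashlib.sha256(altered).hexdigest()
    unkeyed_accepted = verify_unkeyed(altered, forged_digest)  # True: undetected

    # A shared-key MAC cannot give non-repudiation: the receiver holds the
    # same key and could have produced the tag. That goal needs a digital
    # signature made with a private key only the sender holds.
    return {"untouched_accepted": untouched_accepted,
            "altered_accepted": altered_accepted,
            "unkeyed_accepted": unkeyed_accepted}
```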
• An intrusion detection system (IDS) is a device or software application that monitors a
network or systems for malicious activity or policy violations. Any detected activity or
violation is typically reported either to an administrator or collected centrally using
a security information and event management (SIEM) system. A SIEM system combines
outputs from multiple sources, and uses alarm filtering techniques to distinguish
malicious activity from false alarms.
• Antivirus Systems
• Everyone is familiar with the desktop version of antivirus packages like Norton Antivirus
and McAfee. The way these operate is fairly simple -- when researchers find a new virus,
they figure out some unique characteristic it has (maybe a registry key it creates or a file
it replaces) and out of this they write the virus "signature."
• Patching and updating
It is embarrassing and sad that this has to be listed as a security measure.
Despite being one of the most effective ways to stop an attack, there is a
tremendously laid-back attitude to regularly patching systems. There is no
excuse for not doing this, and yet the level of patching remains woefully
inadequate.
• Port scanners
A port scanner scans a host or a range of hosts to determine what ports are
open and what service is running on them. This tells the attacker which
systems can be attacked.
For example, if I scan a Web server and find that port 80 is running an old
Web server, like IIS/4.0, I can target this system with my collection of exploits
for IIS 4. Usually the port scanning will be conducted at the start of the
attack, to determine which hosts are interesting.
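An added example (not part of the original slides) tying the IDS/SIEM alarm-filtering paragraph above to this port-scanner section: detection logic that reads firewall log lines and raises one alert when a single source probes many distinct ports on one host within a short window, while a client that keeps reusing one port is filtered out as noise. The log format and addresses are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed firewall log lines for this example (not from any real device).
SAMPLE_LOG = """\
10:00:01 src=203.0.113.7 dst=198.51.100.10 dport=21 action=deny
10:00:01 src=203.0.113.7 dst=198.51.100.10 dport=22 action=deny
10:00:02 src=203.0.113.7 dst=198.51.100.10 dport=23 action=deny
10:00:02 src=203.0.113.7 dst=198.51.100.10 dport=25 action=deny
10:00:03 src=203.0.113.7 dst=198.51.100.10 dport=80 action=allow
10:00:03 src=203.0.113.7 dst=198.51.100.10 dport=443 action=allow
10:00:04 src=203.0.113.7 dst=198.51.100.10 dport=8080 action=deny
10:00:05 src=192.0.2.5 dst=198.51.100.10 dport=443 action=allow
10:00:06 src=192.0.2.5 dst=198.51.100.10 dport=443 action=allow
10:00:07 src=192.0.2.9 dst=198.51.100.10 dport=22 action=allow
"""
LINE_RE = re.compile(
    r"^(\d\d):(\d\d):(\d\d) src=(\S+) dst=(\S+) dport=(\d+) action=(\w+)$")


def parse(log_text):
    """Turn log lines into (seconds, src, dst, port, action); skip malformed ones."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        h, mi, s, src, dst, port, action = m.groups()
        events.append((int(h) * 3600 + int(mi) * 60 + int(s),
                       src, dst, int(port), action))
    return events


def detect_scans(events, min_ports=5, window_seconds=10):
    """Alert when one source probes >= min_ports distinct ports on one host
    within window_seconds. The threshold is the alarm filter: a client that
    keeps reusing port 443 never crosses it, a sweep across services does."""
    hits_by_pair = defaultdict(list)  # (src, dst) -> [(t, port), ...]
    for t, src, dst, port, _action in events:
        hits_by_pair[(src, dst)].append((t, port))
    alerts = []
    for (src, dst), hits in hits_by_pair.items():
        hits.sort()
        for i, (t0, _port) in enumerate(hits):
            in_window = {p for t, p in hits[i:] if t - t0 <= window_seconds}
            if len(in_window) >= min_ports:
                alerts.append((src, dst, len(in_window)))
                break  # one alert per (src, dst) pair is enough for the SIEM
    return alerts
```

Tuning min_ports and window_seconds against your own traffic is what keeps the alert useful; the sample trips on seven distinct ports in four seconds.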