Information Security Basics
1
6/28/2017
Chapter 1 Study Outline
I. Information Security
A. Information security refers to the measures adopted to prevent the unauthorized
use, misuse, modification, or denial of use of knowledge, facts, data, or
capabilities.
B. Information security involves identifying the threats and vulnerabilities of the
organization and managing them appropriately.
C. Implementing a proper information security system is not a one-time activity. It
requires a constant vigilance against new security threats that might arise.
D. The need to examine the history of security.
E. Changes in technology and society have resulted in the evolution of the various
security concepts of today.
F. Physical security.
1. In the early days, man stored information on physical media like stone,
paper, etc.
2. Protection of these physical assets needed physical security measures like
guards, walls, moats, etc.
3. Information was transmitted as messages delivered by messengers.
G. Communication security.
1. Communication security evolved as a result of the problem with physical
security.
H. Emissions security.
1. A new security threat associated with sending encrypted messages over the
phone lines was identified in the 1950s.
2. All electronic systems give off electronic emissions and these electronic
signals bypass encryption.
093-2
1-1
3. The original unencrypted signal, found along with the encrypted signal on
the telephone lines, could be recovered with good equipment.
4. To deal with the issue of emissions security, the United States created a
program called TEMPEST.
a) The TEMPEST program created electrical emissions standards for
computer systems used in very sensitive environments.
I. Computer security.
1. With the advent of computers, organizations began to store information on
them in electronic format.
2. The need for computer security arose from the fact that any person with
access to the computer system also got access to the information on it.
3. If a person had a clearance level that was higher than the classification level
of a file, that person could access the file.
4. If the person’s clearance level were lower than the file’s classification,
access would be denied.
5. The Trusted Computing System Evaluation Criteria (TCSEC), or the Orange
Book, was developed in 1983.
6. For each division, the Orange Book defined functional requirements as well
as assurance requirements.
7. Other criteria that attempted to find a method of certifying computer
systems for security while decoupling functionality from assurance
included:
a) The German Green Book developed in 1989.
b) The Canadian Criteria developed in 1990.
c) The Information Technology Security Evaluation Criteria (ITSEC)
developed in 1991.
d) The Federal Criteria (now known as the Common Criteria) developed
in 1992.
8. Network security.
a) New security issues arose when computers were networked together.
b) The Orange Book did not address the issue of networked computers.
c) The Trusted Network Interpretation of the TCSEC (TNI), or the Red
Book, developed in 1987, dealt with the issue of network security.
d) The Red Book took all of the requirements of the Orange Book and
attempted to address a networked environment of computers.
e) The Red Book did cover wireless networks.
J. Information security as a total security solution.
1. Good physical security is necessary to protect physical assets like paper
records and systems.
2. Communication security (COMSEC) is necessary to protect information in
transit.
3. Emission security (EMSEC) is needed when the enemy has significant
resources to read the electronic emissions from the computer systems.
4. Computer security (COMPUSEC) is necessary to control access on the
computer systems.
5. Network security (NETSEC) is needed to control the security of the local
area networks.
K. A good security solution.
1. A good security solution is a mix of all of the various types of security.
II. Defining Security as a Process
A. Many different products and types of products are necessary to fully protect an
organization’s information assets.
B. A good security solution would involve implementation of the security products
most suitable for the organization’s needs, along with good security practices and
constant vigilance.
C. Some prominent security technologies and product categories.
1. Anti-virus software.
a) Anti-virus software that is properly implemented and configured can
reduce an organization’s exposure to malicious programs.
b) Anti-virus software does not protect an organization from:
(1) An intruder who misuses a legitimate program to gain access to a
system.
(2) Legitimate users who attempt to gain access to files that they
should not have access to.
D. Access controls.
1. If systems are properly configured and the file permissions set
appropriately, file access controls can restrict legitimate users from
accessing files they should not have access to.
2. Access controls do not prevent a user from using a system vulnerability to
gain access to the system as an administrator and thus see files on the
system.
E. Firewalls
1. Firewalls are access control devices for the network that assist in protecting
an organization’s internal network from external attacks.
2. A firewall does not protect an organization’s network if:
a) The attacker uses an allowed connection to attack a system.
b) The attacker is an internal user.
c) The attacker hops onto the wireless network and appears as an internal
user.
F. Smart cards.
1. Passwords are the most commonly used authentication mechanisms.
2. Smart cards are another authentication mechanism.
a) They reduce the risk of someone guessing a password.
b) If a smart card is stolen and if it is the sole form of authentication, the
thief could masquerade as a legitimate user of the network or computer
system.
c) Another issue with this authentication mechanism is its high cost.
G. Biometrics
1. Biometric systems are another authentication mechanism that reduces the
risk of someone guessing a password.
2. Biometric systems involve scanning of some human characteristic such as
fingerprints or retina as a method of identification.
3. Issues that arise with the use of biometrics include the cost of deploying the
biometric scanners and the willingness of staff to use them.
4. Biometric systems can also fail: an attacker may force an authentic user to
use the biometric scanner and thus gain entry to the system.
H. Intrusion detection.
1. Intrusion detection involves identifying unauthorized access to the system
and stopping it.
2. Intrusion detection systems by themselves cannot be the solution to the
entire security problem.
a) No intrusion detection system is foolproof, and they cannot replace a
good security program or good security practice.
I. Policy management.
1. With a policy management system, an organization can be made aware of
any system that does not conform to policy.
2. Policy management cannot prevent attacks that may occur due to:
a) Vulnerabilities in systems.
b) Misconfigurations in application software.
c) Stolen passwords.
J. Vulnerability scanning.
1. Scanning computer systems for weaknesses in configurations or patch
levels will help an organization identify potential entry points for intruders.
2. Vulnerability scanning alone will not protect your computer systems.
a) Vulnerability scanning will not detect:
(1) Legitimate users who may have inappropriate access.
(2) An intruder who is already in the system.
3. Security measures must be implemented immediately after each
vulnerability is identified.
K. Encryption
1. Encryption protects:
a) Information in transit.
b) Information in storage by the encryption of files.
2. Encryption by itself will not provide security.
a) The encryption system will not differentiate between legitimate and
illegitimate users if both present the same keys to the encryption
algorithm.
L. Physical security mechanisms.
1. Physical security is necessary to prevent unauthorized physical access to
information and systems.
2. Physical security will not protect the systems from attacks that use
legitimate access or attacks that come across the network instead of through
the front door.