Upload File

ingredients of information security. - who has access the asset? - is the asset correct? - is the...

  • Home
  • Documents
  • Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?
22
Ingredients of Information Security

Upload: bernard-clark

Post on 05-Jan-2016

214 views

Category:

Documents


0 download

Report

Tags:

TRANSCRIPT

Page 1: Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?

Ingredients of Information Security

Page 2: Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?

- Who has access the asset?

- Is the asset correct?

- Is the asset accessible?

…uncorrupted?…authentic?

Page 3: Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?

What assets need to be secured?

Page 4: Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?

Quality of Information System (IS) reflecting local correctnessand reliability of the operating system; the logical Completeness of the hardware and software implementing the protection mechanisms; and the consistency of the data structures and occurrence of stored data.†

† Definition from National Information Systems Security

Page 5: Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?

Assurance that information is not disclosed to unauthorizedpersons, processes, or devices.†

† Definition from National Information Systems Security

Page 6: Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?

Timely, reliable access to data and information serviced forauthorized users.†

† Definition from National Information Systems Security

Page 7: Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?

spoofing playback (replay) attack man in the middle attack dumpster diving password cracking denial of service (DoS) attack shoulder surfing

network infrastructure attack

network scanning

buffer overflow

syn flood

Page 8: Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?

AssetAsset

Security System

AttackProperAccess

Page 9: Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?

At the root of all security is trust.

What don’t you (or shouldn’t you) trust??

Since we obviously can’t trust everything, we need to develop and implement security policy...

Page 10: Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?

A security _________ defines what needs to be done.

A security ______________ defines how to do it.

All passwords must be updated on a regular basis and every one must include at least

one embedded non-alphabetic symbol.

example security policy

corresponding security mechanisms

Page 11: Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?

AssetAsset

Security System

Security is about building barriers to protect assets.

What complicates security is the necessity for barrier penetration.

AttackProperAccess

To be secure the barrier holes must be guarded.

Page 12: Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?

Basic Concepts in Barrier Penetration Control

- Can you prove it?

- That which you are permitted to do.

- You should be held responsible.

- Who are you?

Page 13: Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?

Security systems need to be able to distinguish the“white hats” from the “black hats”. This all begins with identity.

What are some common identifiers used in our world?

What is the problem with using people’s names as identifiers?

Page 14: Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?

Access privileges granted to a user, program, or process.†

† Definition from National Information Systems Security

Common authorization tokens:

Page 15: Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?

Security measure designed to establish the validity of a transmission, message, or originator,or a means of verifying an individual’s authorization to receive specific categories of information.†

† Definition from National Information Systems Security

Page 16: Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?

Authentication ... is a basis for trust

Password -- the most common means of authentication

Passwords are vulnerable to attacks. Why?

Uses challenge - reponse protocol

RESPONSE

password:

CHALLENGE

(Encryption required)

Challenge-response systems fail when responses are efficiently discovered.

Page 17: Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?

Give password cracking software a challenge.The conventional wisdom is as follows...

Use first letters from some phrase you can remember.

TtlsH1wwya

Don’t use short passwords (at least 12 symbols).

Include both lowercase and uppercase and digits.

Bracket the password with non-alphanumerics.

#TtlsH1wwya&

Bracket the password with non-alphanumerics.

#TtlsH1wwya&

Alt - 0181

cracker algorithm == repeatedlycracker algorithm == repeatedly

Page 18: Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?

token -- small device carried by user(often includes microprocessor, keypad and/or real-time clock)

Challenge-Response Token1) System displays random number which user enters on keypad.2) Card uses keypad input to calculate and display number.3) User enters number in computer which system verifies by same computation.

Time-Based Token1) Card uses internal real-time clock value to calculate and display number.2) User enters number in computer which system verifies with its clock.

HHAD - Hand Held Authentication Device

Page 19: Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?

biometric -- requires special devices to read human features

Page 20: Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?

digital certificate -- a certificate authority performs a security checkon a user and grants an electronic certificate (essentially encryption keys)

smartcard -- physically requires reader, contains full microprocessor with cryptographic calculations performed onboard.

Smartcards can store ...

Tampering with a smartcard typically renders it useless.

Page 21: Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?

...what you _______ (password)

...what you _______ (key, token, smartcard)

...what you _____ (biometrics - fingerprints, retinal scan)

..._______ you are (in secure location, at some terminal)

Page 22: Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?

Assurance the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, soneither can later deny having processed the data.†

† Definition from National Information Systems Security

Access

Attacker

User


Serving as a Brand Asset for Your Institution · Being a Brand Asset Source: 5 Emotional Descriptive Brand Function Nike Authentic Athletic Performance Disney Family Fun Entertainment

Asset-Based Community Development: A Path toward Authentic

A Research on the Consequences of Authentic Leadership* · A RESEARCH ON THE CONSEQUENCES OF AUTHENTIC LEADERSHIP 67 Conceptual Framework Authentic Leadership Theory Authentic as

การประเมินตามสภาพจร ิง (Authentic Assessment)การประเมินตามสภาพจร ิง (Authentic Assessment) การประเมินจากสภาพจร

Sharing Authentic Stories - The Authentic Storytelling project

Creativity, Simplicity And Authentic Taste Authentic …Creativity, Simplicity And Authentic Taste Authentic South Indian experience from Chettiar's kitchen. *mages are for reference

Authentic Assessment in Physical Educationstaffnew.uny.ac.id/upload/131764499/pendidikan/ped-393-authentic... · Making Authentic Assessment part of your Program: Authentic Assessment

Authentic Leaders

Authentic Wealth

Authentic literacy

trim: 26.000 Asset No. 79139-Bvoctst.blob.core.windows.net/pdf/The_Voice_of_Color_White_Spaces.pdftrim and accent parts of your home. The Historical card provides authentic colors

THE AuTHEnTic DiFFEREncE DODGE mAGnum ADDiTiOnAl AuTHEnTic DODGE

Authentic Brands

Authentic leadership development: Getting to the root of ... Leadership... · authentic leader, authentic leadership and authentic leadership development. Next, we present and discuss

AUTHENTIC ARABS, AUTHENTIC CHRISTIANS: ANTIOCHIAN

Going Remote with Integrity 2 … · •Authentic assignments assessments central to authentic education •Authentic education pivots on authentic assessment Instructors Design fair

Motivating Students' Learning through Authentic …...teach English in an authentic way by: using authentic materials; using authentic classroom discourse; and doing authentic classroom

Authentic Material2

Academic Master Domain: Letters and Foreign Languages ... · 3. Non-Authentic Material and Authentic Material 3.1 Non-Authentic Materials 3.2 Authentic Materials in ESP Context 4

Authentic tasks

Authentic assessment of authentic tasks · Authentic learning environments in higher education • Many examples of authentic tasks and assessment in edited book: Authentic learning

The Uncorrupted Revelation as Experienced by John the Divine - Dr. Amitakh Stanford

Authentic CMCL

Unblemished, Uncorrupted Leadership

Authentic Instruments Authentic Playing

Authentic Tantra Training ~ Institute of Authentic Tantra

W14 Authentic and non-authentic Materials.ppt

Authentic learning

Authentic materials

Authentic Ict

Authentic materials2

Authentic learningaudiovideocell

Alternative Assessment: Ensuring Authenticity Authentic assessment of authentic achievement What is “authentic assessment”? “…an assessment requiring

Enhancing authentic learning capabilities What is it? What ... · • Authentic assessment (Herrington, Reeves & Oliver, 2010) Authentic context Authentic task Expert performance

Authentic assessments