Systems reliability ← (Confidentiality + Privacy + Processing integrity + Availability) ← Security (security is the foundation on which the other four reliability principles rest)
Fundamental Concepts
- Security is a management issue, rather than a technology one
- Policy development
- Effective communication of policies
- Design and employment of appropriate control procedures
- Monitoring & taking remedial action
- The time-based model of security
- Focuses on the relationship among preventive, detective, and corrective controls
- P > D + C → effective (the time an attacker needs to break through the preventive controls exceeds the time needed to detect the attack plus the time needed to correct it)
- Defense-in-depth
- Employ multiple, overlapping layers of controls so that the failure of any single control does not compromise security
Targeted Attacks
- Reconnaissance
- Attempt social engineering
- Scan & map the target
- Research
- Execute
- Cover tracks
Preventive Controls
- Authentication controls: verify the identity of the user or device requesting access
- Authorization controls: restrict which parts of the system an authenticated user may access and what actions they are permitted to perform
- Access control matrix, compatibility test
- Both for users and devices
- Training
- Covers the importance of security, resisting social engineering, the role of IS professionals, keeping abreast of new threats, and top-management support
- Controlling physical access
- Controlling remote access
- Border router, firewall, DMZ (demilitarized zone), TCP/IP, routers
- ACL (access control list), static / stateful packet filtering
- Deep packet inspection, IPS (intrusion prevention systems)
- Host & application hardening
- Encryption: transforming plaintext into ciphertext (decryption reverses the transformation)
- Symmetric (one shared secret key) / asymmetric (a public and private key pair)
Detective Controls
- Log analysis
- Intrusion detection systems
- Managerial reports
- Security testing
Corrective Controls
- CERT (computer emergency response team)
- CISO (chief information security officer)
- Patch management