System Security Basics. Information System Security The protection of information systems against...

Preview:

Click to see full reader

Citation preview

System Security Basics

Information System Security

• The protection of information systems against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.

Fortress Model

• Watch towers to detect threat

• Protection by:– Moat– Outer Wall– Inner Wall of Keep

• Draw bridge and Gate – controlled access

Fortress model for defense

1. Critical information

2. Physical protection

3. Operation system hardening

4. Information access

5. External access

1. Critical Information

• Data categorization– Public– Internal– Confidential– Secret

• Application hardening

2. Physical Protection

• Physical environment– Geographical location– Social environment– Building construction

• Physical controls

• Communications

• Surveillance

3. Operation Systems Hardening

• Security configuration

• Anti-malware

• File system– Encrypting File System

• ADDS security

• System redundancy

4. Information Access

• User identification

• Security policies

• Resources access

• Role base access control

• Access auditing

• Digital rights management

5. External Access

• Perimeter network

• VPN/ RRAS (Routing and Remote Access)

• SSTP (Secure Socket Tunneling Protocol)

• PKI

• Identity federation

• NAP (Network Access Protection)

Polices, Procedures & Awareness

Data

Application

Host

Internal Network

Perimeter

The Microsoft Model

Things to do

• Identify who enter your system

• Provide the user with the appropriate access right

• Identify the person modifying the data is authorized to do so

• Guarantee the confidentiality of information

• Guarantee the availability of information

Things to do

• Ensure the integrity of the information

• Monitor the activities of the system

• Audit security events

• Put in administrative procedures to ensure the system is secure

System composition

• File server/ Print server/ Fax server

• Web server

• Application server

• DNS server

• DHCP server

• Domain controller

• Terminal server

System composition

• Email server

• RADIUS server

• VPN server

• Certificate server

• UDDI server

• Network policy and access server

• Gateway/ Firewall/ Switch

• And users

Recommended

HP ProtectTools Security Manager Guideh10032. · HP ProtectTools Security Manager ProtectTools Security Manager software provides security features that help protect against unauthorized
Documents
Information security. The protection of information and ...€¦ · Information security. The protection of information and information systems against unauthorized access or modification
Documents
Communications Security Yaakov (J) Stein CTO. Communications Security 2 Communications security (COMSEC) means preventing unauthorized access to communications
Documents
Information Security Policy - rider.edu The purpose of the is policy is to protect Rider University information resources from accidental or intentional unauthorized access, modification,
Documents
Security Breach Notification Chart - Perkins Coie...breach of security, sensitive personally identifying information has been acquired by an unauthorized person and is reasonably likely
Documents
Student Guide for Unauthorized Disclosure of Classified ... · PDF fileCenter for Development of Security Excellence Page 1 Student Guide . Unauthorized Disclosure of Classified Information
Documents
Develop Your Information Security Management … SecURITY & RISK PRofeSSIoNAS Develop your information Security Management System anuary 19, 2017 2017 forrester Research, Inc. Unauthorized
Documents
1 IT Security TCS Internal. 2 IT Security TCS Internal Information Security means protecting information and information systems from unauthorized access,
Documents
INFORMATION SECURITY WHAT IS IT? Information Security The protection of Information Systems against unauthorized access to or modification of information,
Documents
Baseline Information Security Standards: An Audit …...“Security commensurate with the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification
Documents
Data Security. Unauthorized Access Natural disaster Accidentals Destruction ( Hard ware failure )
Documents
Information Privacy, Security and Ethical Considerations · An ethical requirement that requires attorneys to make “reasonable efforts” to prevent unauthorized use or disclosure
Documents
Unauthorized Disclosures of Classified Information Text
Documents
of Terminology . . . A€¦ · the heart of information security (InfoSec). It is the protection of information, intellectual property, privacy, and technology from unauthorized access,
Documents
Information Security: Opportunities to Reduce the Risk of ......2017/09/27  · Office of the Inspector General In Brief Information Security: Opportunities to Reduce the Risk of Unauthorized
Documents
Information Security: Opportunities to Reduce the Risk of ... · Information Security: Opportunities to Reduce the Risk of Unauthorized Access to the Smithsonian Institution’s Publicly
Documents
INFOWATCH GROUP Information security and services · InfoWatch Traffic Monitor is designed for security officers to control the information flows and prevent unauthorized use of information
Documents
Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but
Documents
12/18/20151 Computer Security Introduction. 12/18/20152 Basic Components 1.Confidentiality: Concealment of information (prevent unauthorized disclosure
Documents
Security Breach Notification Chart - perkinscoie.com · The unauthorized acquisition of data in electronic form containing sensitive personally identifying information. ... or guidance
Documents