Académique Documents
Professionnel Documents
Culture Documents
Security Objectives
CONFIDENTIALITY
Sealed Letter
ACCESS CONTROL
INTEGRITY
Martin Sokalski
AUTHENTICATION
Drivers License
License Number:
4574698372
DOB: 04-14-1975
Height: 60
Weight 180lbs
SS# 222 22 2222
NONNON-REPUDIATION
Notarized signature
Security Definitions
Vulnerability
Weakness in a mechanism that threatens the
confidentiality, integrity, or availability of an asset.
Threat
Potential danger to an asset, which would be carried
out by a threat agent.
Risk
Likelihood of a threat agent finding and taking
advantage of a vulnerability.
Exposure
Instance of being exposed to losses from a threat
agent.
Countermeasure
A safeguard put into place to mitigate potential
losses.
Control Types
Administrative controls
Development of policies, standards, procedures, and guidelines. They
also include screening personnel, security, awareness training,
monitoring system and network activity, and change control.
Technical controls
Logical mechanisms which provide password and resource
management, identification and authentication, and software
configurations.
Physical controls
Physically protecting individual systems, the network, employees, and
the facility from physical damage.
Technical
Controls
Logical Access,
Facility Protection,
Controls,
Security guards,
Encryption,
Locks,
Security Devices,
Monitoring,
Identification and
authentication
Environmental
Controls,
Personnel,
Security Awareness
Training
Physical
Controls
Intrusion detection
Physical Controls
Technical Controls
Administrative Controls
Company Data
and Assets
Administrative Controls
Developing policies and standards and enforcing them when they are
broken
Technical Controls
Physical Controls
Classification of Info-Assets
Classifications should be simple, such as designations by differing degrees for
sensitivity and criticality. End-user managers and security administrators can
then use these classifications in their risk assessment process to assist with
determining who should be able to access what.
Data are the core of IS assets. Categorizing them is a major part of the task of
classifying all information assets. Data classification as a control measure should
define:
Who is the owner of the information asset
Who has access rights and to do what
The level of access to be granted
Who is responsible for determining the access rights and access levels
What approvals are needed for access
Such agreements can help to reduce the risks associated with external parties.
Financial loss
Legal repercussions
Loss of credibility o r competitive edge
Blackmail
Disclosure of confidential, sensitive or embarrassing information
Sabotage
Hackers
Script kiddies
Crackers
Employees
IS personnel
End users
Former employees
Interested or educated outsiders
Part-time and temporary personnel
Third parties
Accidental ignorant
Malicious Code
Computer programs developed with evil intentions are referred to as Malicious Codes. They
are mainly categorized as below.
Virus
A computer program that is designed to replicate itself by copying itself into other programs
and cause damages.
Worm
It is a self-replicating computer program. It uses a network to send copies of itself to other
nodes and it may do so without any user intervention. Worms always harm the network (if
only by consuming bandwidth), whereas viruses always infect or corrupt files on a targeted
computer.
Trojan-horse
A program that appears to be legitimate but is designed to have destructive effects, as to data
residing in the computer onto which the program was loaded. Virus/worm dropper, Logic
bombs & time bombs are trojans. Svchost32.exe, Svhost.exe & back.exe are common
Windows service look-alike trojans.
Spyware
Spyware is computer software that collects personal information about users without their
informed consent. The term was coined in 1995 but wasn't widely used for another five years,
is often used interchangeably with adware and malware (software designed to infiltrate and
damage a computer respectively).
Virus
Malicious Code injection into the target files (exe, doc, etc). When the infected files
are opened/executed, the injected malicious code is activated and it does two things
performs the planned attach, replicates again.
Worm
No code injection. It does not use files as its hosts. It uses the vulnerabilities of the
OS to propagate. It normally replicates to different hosts in the network, and attack
combinedly. When the malicious executable is called knowingly or unknowingly,
willingly or unwillingly, it activates attacks & replicates.
Trojan-horse
Trojan is similar to a virus, except that it does not replicate itself. It stays in the
computer doing its damage or allowing somebody from a remote site to take control
of the computer. Trojans often sneak in attached to a free game or other utility.
Spyware
It does not replicate itself. The computer is infected by it while browsing
malicious/infected web sites.
Anti-virus Programs
Scanners
1. Signature scanner (looks for a virus pattern)
2. Heuristic scanner (probabilistic)
Active Monitors
Identifies ROM & BIOS calls
CRC Integrity Checkers
Calculates CRC & compares with that stored in a database
Behavior Blockers
Identifies special behaviors like changing a program, writing in MBR, etc
Immunizer
Attaches itself to a files pretending that it is already infected
Virus-walls
Firewalls with anti-virus filtering SMTP, HTTP & FTP
[Eradication programs clean the infected files & inoculator programs make infected
files unable to execute.]
Points of Entrance
Entry into the a system through:
* Network connectivity
* Remote access
* Operators console
Area
Network
OS
Databases
Applications
Application front-ends
Biometric Controls
The word biometric is derived from the Greek words bio and metric meaning life
measurement. It is defined as the automated identification or verification of an individual
based on physiological or behavioral characteristics.
Thank You