
Preventive control

The objective: to prevent security incidents from happening.


4/10/12

7 major types of preventive controls

Authentication controls

Authentication focuses on verifying the identity of the person or device attempting to access the system. The objective is to ensure that only legitimate users can access the system. Users can be authenticated by verifying:

Authorization controls

Authorization restricts the access of authenticated users to specific portions of the system and specifies what actions they are permitted to perform. These controls are implemented by creating an access control matrix, a table specifying which portions of the system users are permitted to access and what actions they can perform.

Compatibility test: matches the user's authentication credentials against the access control matrix. This test is used to determine whether that employee should be allowed to access that resource and perform the requested action.


Access control matrix (example)

                      User ID
                 NHale   JPJones   BArnold   ....
Files     A        0        0         1      ....
          B        0        2         1      ....
          C        1        0         0      ....
Programs  1        0        0         1      ....
          2        0        0         1      ....
          3        0        0         0      ....
          4        0        1         0      ....

Codes for file access:                          Codes for program access:
0 = No access                                   0 = No access
1 = Read/display only                           1 = Execute
2 = Read/display and update
3 = Read/display, update, create, and delete
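As an added example (not from the slides), the matrix above encoded in Python together with a compatibility test that fails closed when the user, resource or action is not in the matrix. The action names and the cumulative reading of the file codes (code 2 includes read) are assumptions made for the example.

```python
# File access codes from the slide, read cumulatively (assumption):
# 0 = No access, 1 = Read/display only, 2 = Read/display and update,
# 3 = Read/display, update, create, and delete.
FILE_ACTIONS = {
    0: set(),
    1: {"read"},
    2: {"read", "update"},
    3: {"read", "update", "create", "delete"},
}
# Program access codes from the slide: 0 = No access, 1 = Execute.
PROGRAM_ACTIONS = {0: set(), 1: {"execute"}}

# The access control matrix shown on the slide, keyed by user ID.
# Files A, B, C and programs 1-4 hold the codes in the same order as the table.
ACCESS_CONTROL_MATRIX = {
    "NHale":   {"files": {"A": 0, "B": 0, "C": 1},
                "programs": {"1": 0, "2": 0, "3": 0, "4": 0}},
    "JPJones": {"files": {"A": 0, "B": 2, "C": 0},
                "programs": {"1": 0, "2": 0, "3": 0, "4": 1}},
    "BArnold": {"files": {"A": 1, "B": 1, "C": 0},
                "programs": {"1": 1, "2": 1, "3": 0, "4": 0}},
}


def compatibility_test(user_id, resource_type, resource, action,
                       matrix=ACCESS_CONTROL_MATRIX):
    """Return True only if the matrix grants `action` on `resource` to `user_id`.

    resource_type is "files" or "programs". Anything not found in the matrix
    (unknown user, resource type, resource or action) is denied, so the check
    never grants access by accident.
    """
    entry = matrix.get(user_id)
    if entry is None:
        return False                      # unauthenticated / unknown user
    code = entry.get(resource_type, {}).get(resource)
    if code is None:
        return False                      # resource not in the matrix
    allowed = FILE_ACTIONS if resource_type == "files" else PROGRAM_ACTIONS
    return action in allowed.get(code, set())


if __name__ == "__main__":
    # JPJones holds code 2 on file B: read and update, but not delete.
    print(compatibility_test("JPJones", "files", "B", "update"))   # True
    print(compatibility_test("JPJones", "files", "B", "delete"))   # False
```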


Training
- Social engineering attacks: the use of deception to obtain unauthorized access to information resources


Controlling physical access

Of COBIT's 34 top-level control objectives, DS 12 focuses on physical security.


Controlling remote access

Perimeter defense: routers, firewalls, and intrusion prevention systems

A border router connects an organization's information system to the Internet. A firewall is special-purpose hardware or software running on a general-purpose computer. A DMZ (demilitarized zone) is a separate network that permits

Overview of TCP/IP and routers

Transmission Control Protocol (TCP) specifies the procedures for dividing files and documents into packets to be sent over the Internet and the methods for reassembling the original file at the destination. Internet Protocol (IP) specifies the structure of those packets and how to route them to the proper destination.

Filtering packets

An access control list (ACL) determines which packets are allowed entry and which are dropped. Static packet filtering screens individual IP packets based solely on the contents of the source and/or destination fields in the IP packet header. Stateful packet filtering maintains a table that lists all established

Deep packet inspection

Deep packet inspection is the process in which the firewall examines the data in the body of an IP packet, not only its header. IPS (intrusion prevention systems) are designed to identify and drop packets that are part of an attack; deep packet inspection is the heart of this new type of filter.

Defense-in-depth
How to achieve it: integrate physical and remote access control systems. This would identify situations likely to represent security breaches.


Dial-up Connections

RADIUS (Remote Authentication Dial-In User Service) is a standard method for verifying the identity of users attempting to obtain dial-in access.
