Information Security
Management
Security Solutions
By Yuliana Martirosyan
Based on Bel G. Raggad, Information Security
Management: Concepts and Practice.
13. Security Solutions
13.1 Introduction
Information protection is not a goal in itself: its purpose is to reduce the harm suffered by the owner of the information when it is disclosed, altered or made unavailable.
The American Bar Association reported a decade ago that hackers caused harm as high as $10 million.
FBA reports that businesses lose $7.5 billion a year to attacks.
13.2 Security Solutions
Organization of security solutions
Security solutions fall into six classes, each with its own mechanisms:
• Cryptography: hash functions, symmetric cryptography, public-key cryptography, digital signatures (DS), VPN
• Access control: passwords, authentication, biometrics, VPN
• Traffic control: IP packet-filter firewalls, IP application-level firewalls, hybrid firewalls, cyberwalls, stateful-inspection firewalls, VPN
• Physical security: locks, disconnection, backup, higher availability, clusters
• Security analysis: audit, penetration testing, security plan reviews, risk analysis, vulnerability assessment, intrusion detection
• Security management
13.2.1 Security Management
13.2.1.1 Information Security Management
This is the most important class of security solutions: it addresses the organizational security of the company as a whole rather than any single technical control.
There are two main components:
1. Effectiveness in securing the system: the code of practice that lists the security controls to implement (ISO/IEC 27002)
2. The Information Security Management System (ISMS) that governs those controls: its requirements are specified in ISO/IEC 27001, the standard against which an organization is certified
13.2.1.2 Simple Network Management
The major components used in networking are routers, switches, firewalls and access servers; how they are interconnected is the network topology.
Routers build a hierarchy of LANs and autonomous systems and use it to find optimal paths to information resources worldwide.
Network and enterprise system management tools (from the slide's diagram):
• Network management of data centers
• Network management system tools: Unicenter (from CA) and OpenView (from HP)
• Enterprise System Management (ESM)
13.2.2 Cryptographic Solutions
13.2.2.1 Cryptography
The cryptographic solutions covered in this section:
• Hash functions
• Symmetric cryptography
• Public-key cryptography
• Digital signatures
• Virtual private networks
13.2.2.2 The Main Cryptographic Mechanisms
Symmetric cryptography: a single private (secret) key, shared by sender and receiver, is used both to encrypt and to decrypt; AES is the usual choice. The problem it leaves open is distributing that key securely.
Asymmetric (public-key) cryptography: each party has a key pair; data encrypted with the public key can only be decrypted with the matching private key, so no secret has to be shared in advance; RSA is the classic example. It is far slower than symmetric encryption, so in practice it is used to exchange symmetric keys and to sign, not to encrypt bulk data.
13.2.2.3 Block and Stream Ciphers in Symmetric Cryptography
Symmetric ciphers are now usually implemented in one of two forms:
• Block ciphers: a fixed-length block of plaintext (128 bits for AES) is transformed into a ciphertext block of the same length; a mode of operation (CBC, CTR, GCM) chains blocks so that longer messages can be encrypted.
• Stream ciphers: a keystream derived from the key is combined with the data, normally by XOR, one bit or byte at a time, so no padding is needed. The keystream must never be reused under the same key: two messages encrypted with the same keystream leak the XOR of their plaintexts.
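A stream cipher of the kind described in the second bullet, together with its keystream-reuse failure mode, as an added example that is not part of the original slides. It uses only the Python standard library; HMAC-SHA256 run in counter mode stands in for a real stream cipher (ChaCha20 or AES-CTR) so that the construction is visible, and the key, nonce and messages are constructed for the demo:

```python
# Added example (not from the original slides): a stream cipher built from a keyed
# PRF running in counter mode, and the keystream-reuse failure that such ciphers
# must avoid. Standard library only; HMAC-SHA256 stands in for a real stream
# cipher such as ChaCha20 purely for illustration.
import hashlib
import hmac
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Produce `length` keystream bytes: PRF(key, nonce || counter) for counter = 0, 1, ..."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt by XORing data with the keystream. Data is processed byte by byte,
    so no padding is needed and the ciphertext is exactly as long as the plaintext."""
    return xor_bytes(data, keystream(key, nonce, len(data)))


# XOR is its own inverse, so decryption is the same operation as encryption.
stream_decrypt = stream_encrypt


def keystream_reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bytes:
    """Encrypt two messages under the SAME key and nonce and return c1 XOR c2.
    The keystream cancels out, so the result equals p1 XOR p2: an eavesdropper
    learns the XOR of the two plaintexts without knowing the key."""
    c1 = stream_encrypt(key, nonce, p1)
    c2 = stream_encrypt(key, nonce, p2)
    return xor_bytes(c1, c2)


def recover_with_crib(leak: bytes, known_plaintext: bytes) -> bytes:
    """Given p1 XOR p2 and a known p1 (a 'crib'), recover p2. No key involved."""
    return xor_bytes(leak, known_plaintext)


def demo() -> bool:
    """Round-trip a message, then run the nonce-reuse attack on two constructed messages."""
    key, nonce = os.urandom(32), os.urandom(16)
    msg = b"transfer 100 EUR to account 42"          # constructed sample message
    assert stream_decrypt(key, nonce, stream_encrypt(key, nonce, msg)) == msg

    p1 = b"attack at dawn"                           # constructed, equal-length messages
    p2 = b"retreat at six"
    leak = keystream_reuse_leak(key, nonce, p1, p2)  # same key AND nonce: the mistake
    return recover_with_crib(leak, p1) == p2


if __name__ == "__main__":
    print("nonce reuse leaks the second plaintext:", demo())
```

Running the block prints True: once the keystream cancels out, knowing one of the two messages yields the other without the key. This is why stream-cipher interfaces take a nonce and why that nonce must be unique per key; a block cipher in CTR mode has exactly the same requirement.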
13.2.2.4 Digital Signatures
Used for demonstrating the authenticity and integrity of a digital message or document: the signer computes a hash of the message and signs it with a private key, and anyone holding the matching public key can verify the signature. Unlike a MAC, a signature can be verified without knowing any secret, which is what gives non-repudiation.
DS algorithms: RSA, DSA (the NIST Digital Signature Standard, DSS), elliptic curves (ECDSA)
Cryptosystems that use them: PGP, S/MIME
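The sign-the-hash mechanism, as an added example that is not part of the original slides: textbook RSA on primes of about 20 bits, standard library only. It shows the private-key signing and public-key verification steps and is deliberately not a secure implementation (no PSS or PKCS#1 padding, toy modulus); the prime search start points, exponent and messages are constructed for the demo:

```python
# Added example (not from the original slides): digital signature = sign a hash
# of the message with the private key, verify it with the public key.
# Textbook RSA on ~20-bit primes, standard library only. It shows the mechanism
# and is NOT secure: no padding scheme (PSS / PKCS#1 v1.5) and a toy modulus.
import hashlib


def is_prime(n: int) -> bool:
    """Trial division; adequate for the million-range primes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def next_prime(n: int) -> int:
    """Smallest prime >= n."""
    while not is_prime(n):
        n += 1
    return n


def keygen(start: int = 1_000_000, e: int = 65537):
    """Return ((n, e), (n, d)): public key and private key, with d = e^-1 mod phi(n).
    The two primes are the first ones at or above `start` (constructed toy sizes)."""
    p = next_prime(start)
    q = next_prime(p + 1)
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def message_representative(msg: bytes, n: int) -> int:
    """Signatures are computed over a hash of the message, never the message itself.
    Reducing SHA-256 mod n stands in for a proper encoding/padding scheme."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(private_key, msg: bytes) -> int:
    n, d = private_key
    return pow(message_representative(msg, n), d, n)


def verify(public_key, msg: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == message_representative(msg, n)


def demo() -> dict:
    """A valid signature verifies; a tampered message or a signature checked with
    someone else's public key does not."""
    pub, priv = keygen()
    other_pub, _ = keygen(start=1_000_100)       # a second, unrelated key pair
    msg = b"pay 100 EUR to account 42"           # constructed sample message
    sig = sign(priv, msg)
    return {
        "valid": verify(pub, msg, sig),
        "tampered": verify(pub, b"pay 900 EUR to account 42", sig),
        "wrong_key": verify(other_pub, msg, sig),
    }


if __name__ == "__main__":
    print(demo())
```

The three results are True, False, False. Two things the toy makes visible that the slide does not: the signature is over the hash, so its size is fixed regardless of message length, and verification needs only the public key, which is why a third party can check it later.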
13.2.2.5 Virtual Private Networks (VPN)
A virtual private network (VPN) uses a public telecommunication infrastructure such as the Internet to give remote offices or individual users secure (authenticated and encrypted) access to their organization's network.
Intranet (site-to-site) VPN:
several buildings or branch offices are connected to a data center; the emphasis is on strong encryption of the permanent link
Remote Access VPN:
laptops that connect intermittently from different locations; the emphasis is on authenticating the user and device before access is granted
Extranet VPN:
partners and suppliers reach specific corporate resources across various network architectures; the emphasis is on limiting what each outside party can access
13.2.2.5.1 Dial-Up VPN (PPTP VPN)
A dial-up VPN carries the PPP session of a remote client inside a PPTP tunnel across the Internet; the tunnel terminates at a firewall or VPN gateway in front of the intranet. The slide's PPP VPN implementation diagram shows the remote client, the firewall and the intranet it protects.
PPTP is now considered obsolete: its MS-CHAPv2 authentication can be broken offline, and its MPPE encryption keys are derived from that same password exchange. New deployments should use IPsec or a TLS-based VPN.
13.2.2.5.2 Layer Two Tunnel Protocol (L2TP)
Layer Two Tunneling Protocol (L2TP) combines PPTP with Cisco's Layer 2 Forwarding (L2F), which had been the main rival to PPTP for VPN tunneling.
L2TP only builds the tunnel; it provides no confidentiality of its own, so it is normally run over IPsec (L2TP/IPsec).
13.2.2.5.3 Internet Protocol Security (IPsec)
IPsec is a collection of protocols (AH for authentication, ESP for encryption plus authentication, IKE for key exchange) that provide low-level network security.
IPsec exists at the network layer, so it protects any application protocol above it without changes to the applications themselves.
13.2.3 Access Control
Access control is a system that enables an authority to control access to areas and resources in a given physical facility or computer-based information system.
The three most widely recognized models are:
• Discretionary Access Control (DAC): the owner of a resource decides who may access it, typically through an access control list
• Mandatory Access Control (MAC): the system assigns security labels to subjects and objects, and access is decided by fixed rules (such as Bell-LaPadula's "no read up, no write down") that owners cannot override
• Role Based Access Control (RBAC): permissions are attached to roles and users are assigned roles, so access follows job function rather than individual identity
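The three models side by side, as an added example that is not part of the original slides: each is reduced to a small policy checker so that who makes the access decision is visible in code. Subjects, objects, labels and roles are constructed for the demo; the MAC rules are the Bell-LaPadula ones:

```python
# Added example (not from the original slides): the three access-control models
# as tiny policy checkers, so the difference in WHO decides is visible in code.
# All subjects, objects, labels and roles below are constructed for the demo.
from dataclasses import dataclass, field


# --- DAC: the object's owner decides, by editing an access control list ---
@dataclass
class DacObject:
    owner: str
    acl: dict = field(default_factory=dict)      # subject -> set of rights

    def grant(self, by: str, subject: str, right: str) -> None:
        """Only the owner may delegate rights (discretionary = at the owner's discretion)."""
        if by != self.owner:
            raise PermissionError(f"{by} does not own this object")
        self.acl.setdefault(subject, set()).add(right)

    def allows(self, subject: str, right: str) -> bool:
        return subject == self.owner or right in self.acl.get(subject, set())


# --- MAC: labels are assigned by the system, not the owner; Bell-LaPadula rules ---
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


def mac_allows(subject_clearance: str, object_label: str, right: str) -> bool:
    """No read up (read only at or below your clearance) and
    no write down (write only at or above your clearance)."""
    s, o = LEVELS[subject_clearance], LEVELS[object_label]
    if right == "read":
        return s >= o
    if right == "write":
        return s <= o
    raise ValueError(f"unknown right {right!r}")


# --- RBAC: rights attach to roles; users get roles; nobody edits per-user ACLs ---
ROLE_PERMISSIONS = {
    "auditor": {("audit-log", "read")},
    "dba": {("customer-db", "read"), ("customer-db", "write")},
}
USER_ROLES = {"alice": {"auditor"}, "bob": {"dba"}, "carol": set()}


def rbac_allows(user: str, obj: str, right: str) -> bool:
    return any((obj, right) in ROLE_PERMISSIONS.get(role, set())
               for role in USER_ROLES.get(user, set()))


def demo() -> dict:
    """One decision per model, including the case each model is meant to block."""
    report = DacObject(owner="alice")
    report.grant(by="alice", subject="bob", right="read")
    try:
        report.grant(by="bob", subject="mallory", right="read")   # bob is not the owner
        dac_delegation_blocked = False
    except PermissionError:
        dac_delegation_blocked = True
    return {
        "dac_bob_reads": report.allows("bob", "read"),
        "dac_bob_writes": report.allows("bob", "write"),
        "dac_delegation_blocked": dac_delegation_blocked,
        "mac_secret_reads_confidential": mac_allows("secret", "confidential", "read"),
        "mac_secret_reads_top_secret": mac_allows("secret", "top secret", "read"),
        "mac_secret_writes_unclassified": mac_allows("secret", "unclassified", "write"),
        "rbac_alice_reads_log": rbac_allows("alice", "audit-log", "read"),
        "rbac_alice_writes_db": rbac_allows("alice", "customer-db", "write"),
    }


if __name__ == "__main__":
    for decision, outcome in demo().items():
        print(f"{decision}: {outcome}")
```

Note the asymmetry in MAC: a "secret" subject may read "confidential" data but may not write to an "unclassified" object, because that write could carry secret data downward. In DAC the equivalent leak is entirely at the owner's discretion, which is why MAC exists.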
Access Control Technologies:
• Passwords, tokens, smart cards, encrypted keys
• Authentication
• Biometrics
• VPN
Authentication of data (integrity checking)
Cryptographic techniques are used not only to hide data from prying eyes; cryptographic checksums also detect tampering.
For example, Tripwire builds a database of cryptographic checksums (hashes) for selected files. On each subsequent run it recomputes the checksums and reports any file whose contents differ, so unauthorized modification of data is detected.
The baseline database must itself be protected (for example on read-only media, or sealed with a keyed checksum): otherwise an attacker who modifies a file can simply update its entry.
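A Tripwire-style integrity checker, as an added example that is not part of the original slides and not Tripwire's own code. It hashes a file tree into a baseline, seals the baseline with an HMAC so that it cannot be silently edited, and on a later run reports modified, deleted and added files. The directory layout, file contents and key in the demo functions are constructed for the example:

```python
# Added example (not from the original slides): a minimal Tripwire-style file
# integrity checker. It hashes a file tree into a baseline table, protects the
# table with an HMAC, and on a later run reports modified, deleted and added
# files. The file tree and key used in demo() are constructed for the demo.
import hashlib
import hmac
import json
import os
import tempfile


def file_digest(path: str) -> str:
    """SHA-256 of a file, streamed so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root: str) -> dict:
    """Relative path -> SHA-256 for every regular file under root."""
    table = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            table[rel] = file_digest(path)
    return table


def build_baseline(root: str, key: bytes) -> dict:
    """Create the baseline database and seal it with HMAC-SHA256 under `key`.
    An attacker who alters a file cannot also fix up the table without the key
    (Tripwire's equivalent safeguard is keeping the database on read-only media)."""
    files = hash_tree(root)
    payload = json.dumps(files, sort_keys=True).encode()
    return {"files": files, "mac": hmac.new(key, payload, hashlib.sha256).hexdigest()}


def check(root: str, baseline: dict, key: bytes) -> dict:
    """Verify the baseline's seal, rehash the tree and diff it against the baseline."""
    payload = json.dumps(baseline["files"], sort_keys=True).encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, baseline["mac"]):
        raise ValueError("baseline database has been tampered with; do not trust it")
    old, new = baseline["files"], hash_tree(root)
    return {
        "modified": sorted(p for p in old if p in new and new[p] != old[p]),
        "deleted": sorted(p for p in old if p not in new),
        "added": sorted(p for p in new if p not in old),
    }


def _write(root: str, rel: str, data: bytes) -> None:
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def demo() -> dict:
    """Baseline a constructed tree, then simulate an intrusion that edits one
    file, removes one and drops a new one, and report what the checker sees."""
    key = b"constructed-demo-key-keep-offline"
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/passwd", b"root:x:0:0:root:/root:/bin/bash\n")
        _write(root, "etc/ssh/sshd_config", b"PermitRootLogin no\n")
        _write(root, "bin/ls", b"\x7fELF-placeholder")
        baseline = build_baseline(root, key)

        _write(root, "etc/ssh/sshd_config", b"PermitRootLogin yes\n")   # modified
        os.remove(os.path.join(root, "bin", "ls"))                       # deleted
        _write(root, "tmp/.backdoor", b"#!/bin/sh\n")                     # added
        return check(root, baseline, key)


def demo_tampered_baseline() -> bool:
    """Editing the stored hash table without the key is detected before any diff is trusted."""
    key = b"constructed-demo-key-keep-offline"
    with tempfile.TemporaryDirectory() as root:
        _write(root, "a.txt", b"hello")
        baseline = build_baseline(root, key)
        baseline["files"]["a.txt"] = "0" * 64      # attacker rewrites the stored hash
        try:
            check(root, baseline, key)
        except ValueError:
            return True
        return False


if __name__ == "__main__":
    print(demo())
    print("tampered baseline detected:", demo_tampered_baseline())
```

The report for the constructed tree is modified: etc/ssh/sshd_config, deleted: bin/ls, added: tmp/.backdoor. The HMAC key must not live on the monitored host in a place the attacker can read, or the seal is worthless; in practice the key or the whole baseline is kept offline and the check runs from trusted media.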
Biometrics
Fingerprints, Facial Recognition, Hand geometry, DNA
13.2.4 Data Traffic Control
Security Rules:
Rule 1: Trust inside. Traffic that originates on the internal network is trusted more than traffic from outside; every firewall policy starts from this asymmetry.
Rule 2: Least privilege. Deny everything by default and permit only the traffic that is explicitly needed.
Rule 3: Selective blocking, the opposite of Rule 2. Permit everything by default and block only known-bad traffic; weaker, because anything not yet known to be bad gets through.
Firewalls:
Network firewalls: packet filters that decide on IP and transport header fields (addresses, ports, protocol)
Application firewalls: proxies that understand the application protocol (HTTP, SMTP) and can filter on its content
Stateful inspection firewalls: packet filters that track connection state, so reply traffic is admitted only for sessions the inside initiated
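The three rules and the difference between a stateless packet filter and stateful inspection, as an added example that is not part of the original slides: a small packet-filter simulator. The addresses, ports, rule sets and packets are constructed for the demo:

```python
# Added example (not from the original slides): a packet-filter simulator that
# contrasts default-deny (Rule 2) with default-allow (Rule 3) and shows what
# stateful inspection adds. Addresses, ports and rule sets are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False          # True for the first packet of a TCP connection


def in_cidr(ip: str, cidr: str) -> bool:
    """True if ip falls inside the cidr block, e.g. in_cidr("10.1.2.3", "10.0.0.0/8")."""
    def to_int(addr: str) -> int:
        return int.from_bytes(bytes(int(x) for x in addr.split(".")), "big")
    net, bits = cidr.split("/")
    mask = (0xFFFFFFFF << (32 - int(bits))) & 0xFFFFFFFF
    return to_int(ip) & mask == to_int(net) & mask


def matches(rule: dict, pkt: Packet) -> bool:
    return (in_cidr(pkt.src, rule["src"]) and in_cidr(pkt.dst, rule["dst"])
            and (rule["dport"] is None or pkt.dport == rule["dport"]))


def stateless_decide(rules: list, default: str, pkt: Packet) -> str:
    """First matching rule wins; otherwise the default applies.
    default="deny" is least privilege (Rule 2); default="allow" is selective blocking (Rule 3)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"]
    return default


class StatefulFilter:
    """Default-deny filter that remembers connections the inside opened, so reply
    packets are admitted without leaving a standing hole for 'anything from port 443'."""
    def __init__(self, rules: list):
        self.rules = rules
        self.sessions = set()          # (src, sport, dst, dport) of allowed SYNs

    def decide(self, pkt: Packet) -> str:
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions:
            return "allow"             # reply to a session we saw being initiated
        for rule in self.rules:
            if matches(rule, pkt):
                if rule["action"] == "allow" and pkt.syn:
                    self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return rule["action"]
        return "deny"


INSIDE, ANY = "10.0.0.0/8", "0.0.0.0/0"
# Rule 1 (trust inside) shows up as the asymmetry: inside may open HTTPS to
# anywhere, outside may only reach the mail server on port 25.
LEAST_PRIVILEGE = [
    {"src": INSIDE, "dst": ANY, "dport": 443, "action": "allow"},
    {"src": ANY, "dst": "10.0.0.25/32", "dport": 25, "action": "allow"},
]
SELECTIVE_BLOCKING = [
    {"src": ANY, "dst": INSIDE, "dport": 23, "action": "deny"},   # block telnet only
]


def demo() -> dict:
    outbound = Packet("10.0.0.7", 51000, "93.184.216.34", 443, syn=True)
    reply = Packet("93.184.216.34", 443, "10.0.0.7", 51000)
    probe = Packet("198.51.100.9", 443, "10.0.0.7", 4444)   # unsolicited, sent from port 443
    fw = StatefulFilter(LEAST_PRIVILEGE)
    return {
        "stateless_deny_blocks_reply": stateless_decide(LEAST_PRIVILEGE, "deny", reply),
        "stateless_allow_lets_probe_in": stateless_decide(SELECTIVE_BLOCKING, "allow", probe),
        "stateful_outbound": fw.decide(outbound),
        "stateful_reply": fw.decide(reply),
        "stateful_probe": fw.decide(probe),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The stateless default-deny policy breaks legitimate HTTPS because it drops the server's reply; the stateless fix would be a rule admitting any packet from source port 443 to the inside, which is exactly the hole the probe exploits. The stateful filter admits the reply because it saw the SYN, and still drops the probe. The default-allow policy admits the probe outright, which is the weakness of Rule 3.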
13.2.5 Security Analysis
Security Testing: Penetration testing, which can be run from three vantage points:
External source penetration test: the attacker's view from the Internet
Internal source penetration test: an insider, or an already compromised host on the LAN
Target system penetration test: a specific system is attacked directly
Vulnerability Assessment
The process of identifying and quantifying weaknesses of the system and determining their effect.
It analyzes the threats that could lead to compromise, spoofing or denial of service.
A vulnerability assessment lists and ranks weaknesses, usually without exploiting them; a penetration test goes further and demonstrates that a weakness can actually be exploited.
13.2.5 Security Analysis: Security Review
• System, Network and Topology evaluation
• Administration checklist
• File servers and workstations
• Individual accountability
• Disaster recovery
• Connectivity
• E-mail Controls
• Policy Review
• Logical Security
• Managerial security
• Physical Security
Forensic Investigation
• Use of sterile (forensically wiped) media for the copies that will be examined
• Hardware investigation
• Original data: never worked on directly; the examination is done on a verified copy
• Write-protected media: the original is attached through a write blocker so that nothing on it can change
• Deleted, hidden or recovered files
• File revision documentation
• Data manipulation
• Files' organization
• Potential evidence
• Report generation
Security Audit
• Planning the audit
• Auditing
• Report and post-mortem
• Action
13.3 The NIST Security Solution Taxonomy
NIST (SP 800-53) groups its security control families into three classes; the two-letter identifier is the family code used in the control catalog.
Security Control Management Class, Family and Identifier
Class | Family | Identifier
Management | Risk Assessment | RA
Management | Planning | PL
Management | System and Services Acquisition | SA
Management | Certification, Accreditation, and Security Assessment | CA
Security Control Operational Class, Family and Identifier
Class | Family | Identifier
Operational | Personnel Security | PS
Operational | Physical and Environmental Protection | PE
Operational | Contingency Planning | CP
Operational | Configuration Management | CM
Operational | Maintenance | MA
Operational | System and Information Integrity | SI
Operational | Media Protection | MP
Operational | Incident Response | IR
Operational | Awareness and Training | AT
Security Control Technical Class, Family and Identifier
Class | Family | Identifier
Technical | Identification and Authentication | IA
Technical | Access Control | AC
Technical | Audit and Accountability | AU
Technical | System and Communications Protection | SC
13.4 The ISO Security Taxonomy
The control areas of ISO/IEC 27002 (formerly ISO/IEC 17799):
1 Risk Assessment and Treatment
2 Security Policy
3 Organization of Information Security
4 Asset Management
5 Human Resources Security
6 Physical and Environmental Security
7 Communications and Operations Management
8 Access Control
9 Information Systems Acquisition, Development and Maintenance
10 Information Security Incident Management
11 Business Continuity Management
12 Compliance

 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 

Information Security Management. Security solutions copy

  • 6. 13.2.2 Cryptographic Solutions
     13.2.2.1 Cryptography: Hash Functions; Symmetric Cryptography; Public-Key Cryptography; Digital Signatures; Virtual Private Networks
     13.2.2.2 The Main Cryptographic Mechanisms: Symmetric Cryptography: Private Key (AES). Asymmetric Cryptography: Public Key (RSA)
  • 7. 13.2.2 Cryptographic Solutions
     13.2.2.3 Block and Stream Ciphers in Symmetric Cryptography. Symmetric ciphers are now usually implemented using:
     • Block ciphers: a fixed-length block of plaintext is converted into ciphertext of the same length
     • Stream ciphers: data is encrypted one bit or byte at a time
     13.2.2.4 Digital Signatures: used for demonstrating the authenticity of a digital message or document. DS algorithms: RSA, DSS, Elliptic Curves. Cryptosystems: PGP, S/MIME
  • 8. 13.2.2 Cryptographic Solutions
     13.2.2.5 Virtual Private Networks (VPN). A virtual private network (VPN) is a computer network that uses a public telecommunication infrastructure such as the Internet to provide remote offices or individual users with secure access to their organization's network.
     • Intranet VPN: several buildings may be connected to a data center (strong encryption)
     • Remote Access VPN: laptops that connect intermittently from different locations (authentication)
     • Extranet VPN: access to corporate resources across various network architectures
  • 9. 13.2.2 Cryptographic Solutions
     13.2.2.5.1 Dial-Up VPN (PPTP VPN) [diagram: Firewall, Intranet]
  • 10. 13.2.2 Cryptographic Solutions: PPP VPN implementation [diagram: Firewall, Firewall]
  • 11. 13.2.2 Cryptographic Solutions
     13.2.2.5.2 Layer Two Tunnel Protocol (L2TP). Layer Two Tunneling Protocol (L2TP) is a combination of PPTP and Layer 2 Forwarding. The main rival to PPTP for VPN tunneling was Cisco's L2F.
     13.2.2.5.3 Internet Protocol Security (IPsec). IPsec is a collection of protocols that provide low-level network security. IPsec exists at the network layer.
  • 12. 13.2.3 Access Control
     Access control is a system which enables an authority to control access to areas and resources in a given physical facility or computer-based information system. The three most widely recognized models are:
     • Discretionary Access Control (DAC)
     • Mandatory Access Control (MAC)
     • Role Based Access Control (RBAC)
  • 13. 13.2.3 Access Control. Access Control Technologies:
     • Passwords, tokens, smart cards, encrypted keys
     • Authentication
     • Biometrics
     • VPN
  • 14. 13.2.3 Access Control
     Authentication: encryption can be used for more than hiding data from prying eyes. For example, Tripwire is a cryptographic method that builds a database of cryptographic checksums for selected files; attempts at unauthorized access to data are detected by Tripwire.
     Biometrics: Fingerprints, Facial Recognition, Hand geometry, DNA
  • 15. 13.2.4 Data Traffic Control
     Security Rules: Rule 1: Trust Inside. Rule 2: Least privilege. Rule 3: Selective blocking (opposite of Rule 2).
     Firewalls: Network firewalls; Application firewalls; Stateful inspection firewalls
  • 16. 13.2.5 Security Analysis
     Security Testing: Penetration testing (External Source Penetration Test; Internal Source Penetration Test; Target System Penetration Test).
     Vulnerability Assessment: the process of identifying and quantifying weaknesses of the system and determining their effect; analyze threats that could potentially cause compromise, spoofing, or denial of service.
  • 17. 13.2.5 Security Analysis: Security Review
     • System, Network and Topology evaluation
     • Administration checklist
     • File servers and workstations
     • Individual accountability
     • Disaster recovery
     • Connectivity
     • E-mail Controls
     • Policy Review
     • Logical Security
     • Managerial security
     • Physical Security
  • 18. 13.2.5 Security Analysis: Forensic Investigation
     • Use of sterile media
     • Hardware investigation
     • Original data
     • Write protected media
     • Deleted, hidden or recovered files
     • File revision documentation
     • Data manipulation
     • Files' organization
     • Potential evidence
     • Report generation
  • 19. 13.2.5 Security Analysis: Security Audit
     • Planning the audit
     • Auditing
     • Report and post-mortem
     • Action
  • 20. 13.3 The NIST Security Solution Taxonomy: Security Control Management Class, Family and Identifier
     Class | Family | Identifier
     Management | Risk Assessment | RA
     Management | Planning | PL
     Management | System and Services Acquisition | SA
     Management | Certification, Accreditation, and Security Assessment | CA
  • 21. 13.3 The NIST Security Solution Taxonomy: Security Control Technical Class, Family and Identifier
     Class | Family | Identifier
     Operational | Personnel Security | PS
     Operational | Physical and Environmental Protection | PE
     Operational | Contingency Planning | CP
     Operational | Configuration Management | CM
     Operational | Maintenance | MA
     Operational | System and Information Integrity | SI
     Operational | Media Protection | MP
     Operational | Incident Response | IR
     Operational | Awareness and Training | AT
  • 22. 13.3 The NIST Security Solution Taxonomy: Security Control Technical Class, Family and Identifier
     Class | Family | Identifier
     Operational | Identification and Authentication | IA
     Operational | Access Control | AC
     Operational | Audit and Accountability | AU
     Operational | System and Communications Protection | SC
  • 23. 13.4 The ISO Security Taxonomy
     1 Risk Assessment and Treatment
     2 Security Policy
     3 Organization of Information Security
     4 Asset Management
     5 Human Resources Security
     6 Physical Security
     7 Communications and Ops Management
     8 Access Control
     9 Information Systems Acquisition, Development, Maintenance
     10 Information Security Incident Management
     11 Business Continuity
     12 Compliance

Editor's Notes

  1. We organize information security solutions into six classes: security management, cryptography, access control, data traffic control, security analysis, and physical security.
  2. Sophisticated computer management systems, called system controllers, have been around for decades. These units were hooked up to mainframes in data centers. OpenView has built-in support for the IP network management standard, the Simple Network Management Protocol (SNMP). ESM: the development of client-server technology, which moved data from data centers out to an internetworking topology, blurred the boundary separating networks from computers.
  3. The main parts of a symmetric algorithm are: plaintext; the encryption algorithm; the secret key (the main secret); the ciphertext; decryption.
  4. Modern symmetric block encryption algorithms are mainly based on the Feistel block cipher structure. Feistel proposed the use of a cipher that alternates substitutions and permutations. In fact, this is a practical application of a proposal by Claude Shannon to develop a product cipher that alternates confusion and diffusion functions. Diffusion: each ciphertext digit is affected by many plaintext digits. Confusion: the relationship between the statistics of the ciphertext and the value of the encryption key is made as complex as possible. Block ciphers include DES, IDEA, SAFER, Blowfish... Also I would like to mention that Skipjack, the algorithm used in the US National Security Agency (NSA) Clipper chip for the U.S. government's Escrowed Encryption Standard (EES), is a block cipher.
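The Feistel structure and Shannon's diffusion property from notes 3 and 4, as an added worked example that is not part of the slides or of Raggad's book: one pass of the network both encrypts and decrypts (the subkeys are simply applied in reverse), and flipping one plaintext bit changes many ciphertext bits. The round function, the key schedule and the sample key are constructed stand-ins chosen to show the structure; they are not a real cipher.

```python
# Added example (not from the slides): a toy 16-round Feistel network on
# 64-bit blocks. F and the key schedule are hypothetical stand-ins built
# on SHA-256 so the structure, not the primitive, is what is on display.
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF


def key_schedule(key: bytes) -> list:
    """One 32-bit subkey per round (constructed schedule: SHA-256 of key || round)."""
    return [int.from_bytes(hashlib.sha256(key + bytes([r])).digest()[:4], "big")
            for r in range(ROUNDS)]


def round_function(half: int, subkey: int) -> int:
    """F(R, k): a substitution step (SHA-256 standing in for an S-box: confusion)
    followed by a bit rotation (a permutation: diffusion)."""
    word = int.from_bytes(hashlib.sha256((half ^ subkey).to_bytes(4, "big")).digest()[:4], "big")
    return ((word << 11) | (word >> 21)) & MASK32


def feistel(block: int, subkeys: list) -> int:
    """One pass: (L, R) -> (R, L xor F(R, k)) per round, then a final swap.
    The same pass with the subkeys reversed undoes it, because each round
    only XORs F(R, k) into the other half and F never has to be inverted."""
    left, right = (block >> 32) & MASK32, block & MASK32
    for k in subkeys:
        left, right = right, left ^ round_function(right, k)
    return (right << 32) | left


def encrypt_block(block: int, key: bytes) -> int:
    return feistel(block, key_schedule(key))


def decrypt_block(block: int, key: bytes) -> int:
    return feistel(block, key_schedule(key)[::-1])


def avalanche_bits(block: int, key: bytes, flip_bit: int) -> int:
    """Diffusion check: number of ciphertext bits that change when one plaintext bit flips."""
    c1 = encrypt_block(block, key)
    c2 = encrypt_block(block ^ (1 << flip_bit), key)
    return bin(c1 ^ c2).count("1")
```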
  5. Intranet VPN: this is considered a "client transparent" VPN. It is usually implemented for networks within a common network infrastructure but across various physical locations. For instance, several buildings may be connected to a data center, which they can access securely through private lines. Those VPNs need to be especially secure, with strong encryption, and must meet strict performance and bandwidth requirements. Remote Access VPN: here the VPN is "client initiated". It is intended for remote users that need to connect to their corporate LAN from various points of connection, that is, for telecommuters and salesmen equipped with laptops that connect intermittently from different locations (homes, hotels, conference halls...). The key factor here is flexibility, as performance and bandwidth are usually minimal and less of an issue. More than encryption, authentication will be the main security concern. Extranet VPN: in this case the VPN uses the Internet as its main backbone. It usually addresses a wider scale of users and locations, enabling users to access corporate resources across various network architectures. These rely on VPN standards to ensure maximum compatibility while trying not to overly compromise security.
  6. Computers can use the PPTP protocol to securely connect to a private network as a remote access client by using a public data network such as the Internet. In other words, PPTP enables on-demand, virtual private networks over the Internet or other public TCP/IP-based data networks. PPTP can also be used by computers connected to a LAN to create a virtual private network across the LAN. PPTP is configured by adding virtual devices referred to as virtual private networks (VPNs) to the RAS and Dial-Up Networking. Most PPTP sessions are started by a client dialing up an ISP network access server.
  7. The Point-to-Point Protocol (PPP) is a data link layer protocol which encapsulates other network layer protocols for transmission on synchronous and asynchronous communication lines. Two precise definitions of "point-to-point" in the context of data communications follow: (a) a network configuration in which a connection is established between two, and only two, points; the connection may include switching facilities; (b) a circuit connecting two points without the use of any intermediate terminal or computer. The PPP protocol is used to create the dial-up connection between the client and network access server and performs the following three functions: (1) Establishes and ends the physical connection. PPP uses a sequence defined in RFC 1661 to establish and maintain connections between remote computers. (2) Authenticates users. PPTP clients are authenticated by using PPP; clear text, encrypted, or Microsoft encrypted authentication can be used. (3) Creates PPP datagrams that contain one or more encrypted TCP/IP, IPX, or NetBEUI data packets. Because the network packets are encrypted, all traffic between a PPP client and a network access server is secure.
  8. Layer Two Tunneling Protocol (L2TP) is a combination of PPTP and Layer 2 Forwarding (L2F), a technology proposed by Cisco® Systems, Inc. Rather than having two incompatible tunneling protocols competing in the marketplace and causing customer confusion, the IETF mandated that the two technologies be combined into a single tunneling protocol that represents the best features of PPTP and L2F. L2TP is documented in RFC 2661.
  9. Access control techniques are sometimes categorized as either discretionary or non-discretionary. The three most widely recognized models are Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role Based Access Control (RBAC); MAC and RBAC are both non-discretionary. DAC is an access policy determined by the owner of an object: the owner decides who is allowed to access the object and what privileges they have. MAC is an access policy determined by the system, not the owner. MAC is used in multilevel systems that process highly sensitive data, such as classified government and military information; a multilevel system is a single computer system that handles multiple classification levels between subjects and objects. RBAC is likewise an access policy determined by the system, not the owner. RBAC is used in commercial applications and also in military systems, where multi-level security requirements may also exist. RBAC differs from DAC in that DAC allows users to control access to their resources, while in RBAC access is controlled at the system level, outside of the user's control. Although RBAC is non-discretionary, it can be distinguished from MAC primarily in the way permissions are handled: MAC controls read and write permissions based on a user's clearance level and additional labels, whereas RBAC controls collections of permissions that may include complex operations such as an e-commerce transaction, or may be as simple as read or write. A role in RBAC can be viewed as a set of permissions.
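The three models of note 9 side by side, as an added example (not from the slides or Raggad's book): in DAC only the owner edits the object's ACL, in MAC the system compares the subject's clearance and labels with the object's, and in RBAC a role is a set of permissions bound to users by the system. Users, levels, labels and permissions are constructed; the MAC dominance rule used (level high enough and every object label held) is the usual multilevel reading and is an assumption the note does not spell out.

```python
# Added example (not from the slides): decision functions for DAC, MAC and RBAC.
from dataclasses import dataclass, field


# DAC: the object's owner keeps an ACL and decides who gets which privileges.
@dataclass
class DacObject:
    owner: str
    acl: dict = field(default_factory=dict)   # user -> set of privileges

    def grant(self, actor: str, user: str, privilege: str) -> bool:
        """Discretionary: only the owner may change the ACL."""
        if actor != self.owner:
            return False
        self.acl.setdefault(user, set()).add(privilege)
        return True

    def allows(self, user: str, privilege: str) -> bool:
        return user == self.owner or privilege in self.acl.get(user, set())


# MAC: the system decides from clearance level plus additional labels
# (compartments); the owner has no say. Ordering of levels is constructed.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


def mac_can_read(clearance: str, subject_labels: set,
                 object_level: str, object_labels: set) -> bool:
    """Assumed dominance rule: level high enough AND all object labels held."""
    return LEVELS[clearance] >= LEVELS[object_level] and object_labels <= subject_labels


# RBAC: a role is a set of permissions, possibly naming complex operations;
# the system, not the user, binds users to roles. Roles are constructed.
ROLE_PERMISSIONS = {
    "cashier": {"read:catalog", "create:order"},
    "manager": {"read:catalog", "create:order", "refund:order"},
}
USER_ROLES = {"alice": {"cashier"}, "bob": {"manager"}}


def rbac_allows(user: str, permission: str) -> bool:
    return any(permission in ROLE_PERMISSIONS.get(role, set())
               for role in USER_ROLES.get(user, set()))


def demo() -> dict:
    """One scenario per model; the returned decisions are what the test checks."""
    doc = DacObject(owner="alice")
    return {
        "dac_bob_before_grant": doc.allows("bob", "read"),
        "dac_bob_cannot_self_grant": doc.grant("bob", "bob", "read"),
        "dac_owner_grants": doc.grant("alice", "bob", "read"),
        "dac_bob_after_grant": doc.allows("bob", "read"),
        # secret clearance holding {crypto} vs a secret object labelled {crypto, nuclear}
        "mac_missing_label": mac_can_read("secret", {"crypto"}, "secret", {"crypto", "nuclear"}),
        "mac_dominates": mac_can_read("top_secret", {"crypto", "nuclear"}, "secret", {"crypto"}),
        "rbac_cashier_refund": rbac_allows("alice", "refund:order"),
        "rbac_manager_refund": rbac_allows("bob", "refund:order"),
    }
```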
  10. The principle of least privilege states that only the minimum access necessary to perform an operation should be granted, and that access should be granted only for the minimum amount of time necessary. Network firewalls protect the perimeter of a network by watching traffic that enters and leaves. An application firewall is a form of firewall which controls input, output, and/or access from, to, or by an application or service. It operates by monitoring and potentially blocking the input, output, or system service calls which do not meet the configured policy of the firewall. Stateful firewall (any firewall that performs stateful packet inspection (SPI) or stateful inspection) is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known connection state will be allowed by the firewall; others will be rejected.
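How slide 15's rules and note 10's stateful firewall fit together, as an added example (not from the slides or Raggad's book): Rule 1 (trust inside) lets internal hosts open connections, Rule 2 (least privilege) restricts which services they may open, and packets arriving from outside are accepted only when they match a connection already in the state table. Addresses, ports and the packet trace are constructed.

```python
# Added example (not from the slides): a toy stateful packet filter over a
# constructed trace. The perimeter, allowed ports and flags are assumptions.
from dataclasses import dataclass
import ipaddress

INSIDE = ipaddress.ip_network("10.0.0.0/8")   # constructed internal network
ALLOWED_OUTBOUND_PORTS = {80, 443}            # least privilege: only web egress


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # SYN without ACK: attempt to open a connection
    ack: bool = False


class StatefulFilter:
    def __init__(self):
        self.table = set()   # (inside_ip, inside_port, outside_ip, outside_port)

    @staticmethod
    def _inside(ip: str) -> bool:
        return ipaddress.ip_address(ip) in INSIDE

    def decide(self, pkt: Packet) -> str:
        """Return 'allow' or 'drop' for one packet, updating the state table."""
        if self._inside(pkt.src) and not self._inside(pkt.dst):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if key in self.table:
                return "allow"          # continuation of a tracked connection
            if pkt.syn and not pkt.ack and pkt.dport in ALLOWED_OUTBOUND_PORTS:
                self.table.add(key)     # Rule 1 + Rule 2: inside may open, but only these
                return "allow"
            return "drop"
        if not self._inside(pkt.src) and self._inside(pkt.dst):
            # Outside -> inside only as the reverse direction of a tracked connection
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            return "allow" if key in self.table else "drop"
        return "drop"   # does not cross the perimeter this filter guards


def run_trace(packets) -> list:
    fw = StatefulFilter()
    return [fw.decide(p) for p in packets]


# Constructed trace: an inside host browses out, then unsolicited traffic arrives.
SAMPLE_TRACE = [
    Packet("10.1.2.3", 51000, "203.0.113.10", 443, syn=True),            # open HTTPS: allow
    Packet("203.0.113.10", 443, "10.1.2.3", 51000, syn=True, ack=True),  # SYN/ACK reply: allow
    Packet("10.1.2.3", 51000, "203.0.113.10", 443, ack=True),           # data on same flow: allow
    Packet("198.51.100.7", 40000, "10.1.2.3", 22, syn=True),            # unsolicited inbound: drop
    Packet("10.1.2.3", 52000, "203.0.113.10", 23, syn=True),            # outbound telnet, not permitted: drop
    Packet("203.0.113.10", 443, "10.1.2.3", 52001, ack=True),           # "reply" to no known flow: drop
]
```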
  11. A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source. The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities. External testing (black box) refers to attacks on the organization's network perimeter using procedures performed from outside the organization's systems, that is, from the Internet or extranet. Internal testing (white box) evaluates the efficacy of a network's internal protection; network configurations, source code and the occasional password are provided in the white box penetration test.
  12. Security controls in the security control catalog (NIST SP 800-53, Appendix F) have a well-defined organization and structure. The security controls are organized into classes and families for ease of use in the control selection and specification process. There are three general classes of security controls (i.e., management, operational, and technical). Each family contains security controls related to the security function of the family. A standardized, two-character identifier is assigned to uniquely identify each control family. The table on the slide summarizes the classes and families in the security control catalog and the associated family identifiers.
  13. An agency has the flexibility to tailor the security control baseline in accordance with the terms and conditions set forth in the standard. Tailoring activities include: (i) the application of scoping guidance; (ii) the specification of compensating controls; (iii) the specification of agency-defined parameters in the security controls, where allowed. The system security plan should document all tailoring activities.