Network Security

Network Security - prevention of unauthorized access

3 key principles of Network Security (C-I-A)
  1. Confidentiality - concerned with preventing the unauthorized disclosure of sensitive information
  2. Integrity - 3 goals
    • Prevention of the modification of information by unauthorized users
    • Prevention of the unauthorized or unintentional modification of information by authorized users
    • Preservation of the internal and external consistency.
  3. Availability
Other C-I-A related terms
  1. Identification -- Log-in
  2. Authentication - password
  3. Accountability - the person who is responsible for the whole account
  4. Authorization
3 Critical Elements of Security According to IATO
  1. People
    • Development of information assurance policies and procedures
    • Assignment of role and responsibility
    • Training of critical Personnel
    • Enforcement of personal accountability
    • Commitment of Resources
    • Establishment of physical security control
    • Establishment of personnel Security Control
    • Penalties Associated with Unauthorized behavior
  2. Technology
    • Security Policy
    • System-level information assurance architecture
    • Information assurance principle
    • Specification criteria for the required information assurance products
    • Acquisition of reliable, 3rd party validated products
    • Configuration recommendations
    • Risk Assessment process for the integrated system
  3. Operations
    • A visible and up-to-date security policy
    • Enforcement of file information security policy
    • Certification and accreditation
    • Information Security posture management
    • Key management Services
    • Readiness Assessment
    • Protection of the infrastructure
    • Performing system security assessment
    • Monitoring and reacting to threats
    • Attack sensing, warning, and response (ASW + R)
    • Recovery and reconstitution
The System Development Life Cycle
  1. Initiation
    • documentation
    • involves sensitivity assessment
  2. Development / Acquisition
    • security requirement
    • level of awareness
  3. Implementation
    • installation, testing, security testing and accreditation
  4. Operation / Maintenance
    • operation assurance
    • identify the measure
    • back-up, training process
  5. Disposal
    • involves disk sanitization, archiving files, moving equipment.

Risk Management
  • According to NIST, risk management comprises 3 processes
    • risk assessment
      • identification and evaluation of risks
      • identification and evaluation of risk impacts
      • recommendation of risk-reducing measures
    • risk mitigation
      • prioritizing appropriate risk-reducing measures recommended from the risk assessment process.
      • implementing appropriate risk-reducing measures recommended from the risk assessment
      • maintaining the appropriate risk-reducing measures recommended from the risk assessment.
    • evaluation and assessment
      • continuous process of determining whether the residual risk in the system is acceptable
      • implement additional security controls for accreditation of the IT system

Security Vs Privacy


Security - is needed by an organization to protect against intruders
Privacy - is wanted by an organization to protect the rights of an individual

3 Aspects of Information Security
  • Security Attack -- compromise the information
  • Security Mechanism
  • Security Service
    • enhance the security measures
    • counter security attacks

Four General Categories of Attack
  1. Interruption - attack on availability
  2. Interception - attack on confidentiality
  3. Fabrication - attack on authentication
  4. Modification - attack on integrity
3 Classes of Intruders
  1. Masquerader
  2. Misfeasor
  3. Clandestine User
Reasons Behind an Attack
  1. Skill
    1. General Skill Level
    2. Custom Skill Level
  2. Motivation
    1. Satisfaction - struggle
    2. Tenacity - patience
    3. Ego - pride
  3. Opportunity
    1. Parsimony
    2. Justifiability - other people still can access
    3. Completeness
    4. Awareness
    5. Robustness - limitation

Security Policies and Security Awareness

Senior Management Policy Statement
Organizational Policy
Functional Policy
Standards

Guidelines ← Baselines
↓                   
Procedures                   

Advisory Policies
  • strong recommendations
  • recommend course of action / approaches but allow for independent judgement in the event of special case
Regulatory Policies
  • intended to ensure that an organization implements the standard procedures and best practices of its industry
Informative Policies
  • provide information and generally require no action by the affected individual
  • inform the user of the prohibited activities and resultant consequences of practicing these activities

Standards, Guidelines, Procedures and Baselines

Standards - are compulsory and usually refer to specific hardware and / or software

Guidelines - are suggestions to the personnel of an organization on how to effectively secure their network and computers

Procedures - are compulsory, detailed steps to be followed in order to accomplish tasks

Baselines - are similar to standards and represent a level of implementation of security controls that provides protection equivalent to that available to other similar reference entities.

Security Awareness

  • Refers to the collective consciousness of an organization's employees relative to security controls and their application to the protection of the organization's critical and sensitive information

Training
  • is a tool that can increase employee security awareness and capabilities in identifying, reporting and handling compromises of the confidentiality, integrity and availability of information systems.
Types of Internet Security Training

Training Type - Target
  • Awareness - Personnel and Security-Sensitive Positions
  • Security-related job training - Operator and other designated Users
  • High-Level Security Training - Semi-managers, final managers and business unit managers
  • Technical Security training - IT Support and System Ad
  • Advanced Info Security training - Security Practitioners and Info System Auditors
  • Specific Security Software and Hardware Product Training - Operators; IT personnel System Ad; Security Practitioners and Selected Users

Physical Security
  • is concerned with the protection of personnel, sensitive information facilities, and equipment through the use of physical controls.
Controls in physical security can be partitioned into physical, technical and administrative types.

Possible threats to Physical Security
  • Murderers
  • rapist
  • terrorist
  • Car Jackers
  • Spy
  • Fire
  • disease
  • item thief
  • inside job
  • bomb
  • natural calamities and disaster
  • vandalism
  • Sabotage
  • Loss of electrical security
  • strike
  • environmental conditions
  • water damage
  • smoke particles
  • hackers
  • extreme temperature and humidity
  • employee abuse of power
Physical Controls
  • Security Guards
  • K9 dogs / units
  • Lock with chain
  • Safe / Vault
  • Location of equipment
  • Temperature Monitoring
  • Warning Signs
  • Security Cage / Fencing
  • Disabling USB Ports
  • Paper Shredder
  • Man trap
  • Lighting
  • TV
  • Intrusion Detectors
  • Dry Contact Switches
Administrative Controls
  • Hiring and monitoring security experts
  • Implement and design safety measures
  • Training of critical personnel
  • Installation of safety devices
  • Regular health monitoring
  • Security policy
  • Performing security assessment
Technical Controls
  1. Fire
    • Fire extinguishers
    • sprinklers
    • smoke detectors
    • thermal security camera
  2. Bomb
    • radar
  3. Hackers
    • Anti-viruses
    • System Firewalls
    • System Restrictions
  4. Natural Calamities
    • Sensor
    • Cameras
    • Satellites
