Cram DM1
Examples:
Physical Preventive Controls include: backups, fences, security
guards, locks and keys, and badge systems.
Administrative Preventive Controls include: security awareness
training, separation of duties, hiring procedures, security policies
and procedures, and disaster recovery.
Technical Preventive Controls include: access control software,
antivirus software, library control systems, IDS, smart cards, and
callback systems.
Physical Detective Controls include: motion detectors, smoke
alarms, closed-circuit TV, and alarms.
Administrative Detective Controls include: security reviews and
audits, rotation of duties, required vacations, and performance
evaluations.
Technical Detective Controls include: audit trails and intrusion
detection expert systems.
Biba The Biba model is lattice-based and uses the less-than-or-equal-to
relation. It focuses on integrity. Biba specifies the following three integrity
axioms.
Simple Integrity Axiom States that a subject at one level of
integrity is not permitted to observe (read) an object of lower
integrity (no read down).
* Integrity Axiom (Star) States that a subject at one level of
integrity is not permitted to modify (write to) an object of a higher level
of integrity (no write up). For example, if a process can write above its
integrity level, trustworthy data could be contaminated by the addition
of less trustworthy data.
A subject at one level of integrity cannot invoke a subject at a higher
level of integrity.
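The three Biba rules above as a small reference-monitor style check, added here as an illustration and not part of the cram sheet; the integrity lattice, subject and object names are constructed sample data, and "invoke" is the third (unnamed) rule above.

```python
"""Biba integrity checks (added illustration, not from the cram sheet).
Integrity levels are integers: a higher number means higher integrity.
A total order is the simplest lattice, so <= is the lattice relation."""
from dataclasses import dataclass

# Constructed sample lattice: untrusted < user < system.
LEVELS = {"untrusted": 0, "user": 1, "system": 2}


@dataclass(frozen=True)
class Entity:
    """A subject or object tagged with an integrity level (key into LEVELS)."""
    name: str
    level: str


def can_read(subject: Entity, obj: Entity) -> bool:
    """Simple Integrity Axiom: observe only objects at the subject's level
    or higher (no read down)."""
    return LEVELS[subject.level] <= LEVELS[obj.level]


def can_write(subject: Entity, obj: Entity) -> bool:
    """* (Star) Integrity Axiom: modify only objects at the subject's level
    or lower (no write up)."""
    return LEVELS[obj.level] <= LEVELS[subject.level]


def can_invoke(caller: Entity, callee: Entity) -> bool:
    """Third rule: a subject may not invoke a subject of higher integrity."""
    return LEVELS[callee.level] <= LEVELS[caller.level]


def check(subject: Entity, op: str, target: Entity) -> bool:
    """Dispatch an access request to the matching rule; unknown
    operations are denied, so the monitor fails closed."""
    rules = {"read": can_read, "write": can_write, "invoke": can_invoke}
    rule = rules.get(op)
    return bool(rule and rule(subject, target))


if __name__ == "__main__":
    svc = Entity("update-service", "system")       # constructed sample subject
    doc = Entity("notes.txt", "user")              # constructed sample object
    feed = Entity("untrusted-download", "untrusted")
    for op, tgt in [("read", feed), ("write", feed), ("read", doc), ("write", doc)]:
        verdict = "allow" if check(svc, op, tgt) else "deny"
        print(f"{svc.name} {op} {tgt.name}: {verdict}")
```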
State Machine Model This model captures the state of a system. A state
can change only at discrete points in time, i.e., when triggered by a clock or
input event.
Access Matrix Model Defined as the policy for user authentication, and
has several implementations such as access control lists (ACLs) and
capabilities. It is used to describe which users have access to what objects.
The matrix consists of four major parts:
A list of objects
A list of subjects
A function T that returns an object's type
The matrix itself, with objects making the columns and the subjects
making the rows
The two most used implementations are access control lists and
capabilities. ACLs are achieved by placing on each object a list of users
and their associated rights (columns). Capabilities are accomplished by
storing on each subject a list of the rights the subject has for every object
(rows).
Risk of compromise
Guessing attacks
Number of times used
Password Changing Considerations
60 days regular user
30 days privilege users
15 days security officer
Use Security Policies to control password management issues
Order of Effectiveness
Iris Scan
Retina Scan
Fingerprint
Hand Geometry
Voice Pattern
Keystroke Pattern
Signature
Monitoring
Intrusion Detection The process of monitoring the events occurring in a
computer system or network and analyzing them for signs of intrusions.
IDS Types
Network-Based IDS Provides reliable, real-time information without
consuming network or host resources. Listens to the network passively for
known attacks.
Host-Based IDS Reviews the system and event logs in order to detect an
attack on the host or to determine whether the attack was successful.
IDS Detection Methods
Signature-Based ID In a signature-based ID, signatures or attributes of
known attacks are referenced and observed activity is compared against them.
Statistical Anomaly-Based ID The IDS acquires data and defines a
normal usage profile for the system; deviations from the profile are flagged.
Types of Intrusions
Input Validation Error
Buffer Overflow
Boundary Condition
Access Validation Error
Exceptional Condition Handling Error
Environmental Error
Configuration Error
Race Condition
Penetration Testing
Phase 1 Information Gathering
Phase 2 Gaining Access
Phase 3 Denying Services
Phase 4 Evade Detection
Phase 5 Backdoor and Covering Tracks