05. BEST PRACTICES OF INFORMATION SECURITY
Content
• ON-THE-FLY DISK ENCRYPTION (OTFE)
• ELECTRONIC CODE BOOK (ECB), CIPHER BLOCK CHAINING (CBC), CIPHERTEXT FEEDBACK (CFB)
• ONE-TIME PASSWORD (OTP), HMAC-BASED ONE-TIME PASSWORD (HOTP)
Best Practices in
Information Security
Credit: https://www.it.ucsb.edu/password-best-practices
12 Top Tips for Information Security
Credit: https://www.contextis.com/us/blog/12-top-tips-for-cyber-security
On-the-fly disk encryption (OTFE) is also known as “live encryption”, “transparent encryption” or “real-time encryption”.
Authentication-as-a-service providers offer various web-based methods for delivering one-time passwords without the need for tokens.
HMAC-BASED ONE-TIME PASSWORD (HOTP)
• A one-time password (OTP) algorithm based on hash-based message authentication codes (HMAC)
• Also known as event-based OTP
• The original one-time password algorithm; it relies on two pieces of information:
• The first is the secret key, called the "seed", which is known only to the token and to the server that validates submitted OTP codes.
• The second is the moving factor, which in event-based OTP is a counter.
HOTP is calculated by first computing an HMAC over the seed and the counter. The raw result is too long to use directly (a 160-bit string), so it is then truncated to a reasonable 6 or 8 digits, which is the OTP displayed on the token.
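The computation described above, worked through as an added example (not code from the original slides): HMAC-SHA1 over the seed and an 8-byte counter, dynamic truncation to 6 or 8 digits, plus a server-side validator that only accepts a code within a small look-ahead window and then advances its counter so a captured code cannot be replayed. The seed and window size are constructed sample values.

```python
import hmac
import hashlib
import struct


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """HOTP as in RFC 4226: HMAC-SHA1(seed, counter) followed by dynamic truncation."""
    # The moving factor is the counter encoded as an 8-byte big-endian integer.
    msg = struct.pack(">Q", counter)
    mac = hmac.new(seed, msg, hashlib.sha1).digest()  # 20 bytes = 160 bits
    # Dynamic truncation: the low nibble of the last byte selects a 4-byte window,
    # whose top bit is cleared so the value is a positive 31-bit integer.
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    # Reduce to the requested number of decimal digits, zero-padded.
    return str(code % 10 ** digits).zfill(digits)


class HotpValidator:
    """Server side of HOTP: the stored counter is the next value expected from
    the token. A code is accepted only if it matches one of the next `window`
    counters, and the counter then moves past it, so a code is valid once."""

    def __init__(self, seed: bytes, window: int = 5, digits: int = 6):
        self.seed = seed          # shared secret, constructed sample value
        self.window = window      # look-ahead to tolerate tokens pressed without use
        self.digits = digits
        self.counter = 0          # next counter value expected from the token

    def verify(self, submitted: str) -> bool:
        for c in range(self.counter, self.counter + self.window):
            expected = hotp(self.seed, c, self.digits)
            # Constant-time comparison avoids leaking how many digits matched.
            if hmac.compare_digest(expected, submitted):
                self.counter = c + 1  # resynchronise past the accepted counter
                return True
        return False
```

With the seed `12345678901234567890` the 6-digit codes for counters 0 and 1 are 755224 and 287082, the test vectors published in RFC 4226.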
Multi Level Security
Credit: https://www.it.ucsb.edu/password-best-practices
MULTI LEVEL SECURITY
• The application of a computer system to:
a) Process information with incompatible classifications (i.e., at different security levels)
b) Permit access by users with different security clearances and needs-to-know
c) Prevent users from obtaining access to information for which they lack authorization
• There are two contexts for the use of multilevel security:
a) A system that is adequate to protect itself from subversion and has robust mechanisms to separate information domains, that is, a trustworthy system
b) An application of a computer that requires the computer to be strong enough to protect itself from subversion and to possess adequate mechanisms to separate information domains, that is, a system we must trust
TRUSTED OPERATING SYSTEMS
• An OS that has been evaluated by Common Criteria labs against the ISO/IEC 15408 criteria and passed, so that it can be certified as a secure OS.
• Trusted Operating System (TOS) generally refers to an operating system that provides sufficient support for multilevel security and evidence of correctness to meet a set of government requirements.
An OS is trusted if it can provide:
1. Memory Protection
2. File Protection
3. User Authentication
4. Policy
5. Identification and Authentication