Chapter3 Security Strategies.

Slides:

Advertisements

Similar presentations

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-1 Chapter 12: Design Principles Overview Principles –Least Privilege –Fail-Safe.

Advertisements

Computer Network Research Group ITB Security Issues Onno W. Purbo Computer Network Research Group Institute of Technology Bandung

Guide to Network Defense and Countermeasures Second Edition

Vulnerability Analysis. Formal verification Formally (mathematically) prove certain characteristics Proves the absence of flaws in a program or design.

1 Firewalls. 2 References 1.Mark Stamp, Information Security: Principles and Practice, Wiley Interscience, Robert Zalenski, Firewall Technologies,

Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University

VM: Chapter 5 Guiding Principles for Software Security.

Secure Design Principles  secure the weakest link  reduce the attack surface  practice defense in depth  minimize privilege  compartmentalize  fail.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

Security Firewall Firewall design principle. Firewall Characteristics.

1 Design Principles CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 13, 2004.

Building a Successful Security Infrastructure

Usable Security (Part 1 – Oct. 30/07) Dr. Kirstie Hawkey Content primarily from Teaching Usable Privacy and Security: A guide for instructors (

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.

Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.

(Breather)‏ Principles of Secure Design by Matt Bishop (augmented by Michael Rothstein)‏

Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey

Stephen S. Yau CSE , Fall Security Strategies.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

Internet/Intranet firewall security – policy, architecture and transaction services Written by Ray Hunt This presentation will Examines Policies that influence.

Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

Firewalls Paper By: Vandana Bhardwaj. What this paper covers? Why you need a firewall? What is firewall? How does a network firewall interact with OSI.

Internet and Intranet Fundamentals Class 9 Session A.

Firewalls Nathan Long Computer Science 481. What is a firewall? A firewall is a system or group of systems that enforces an access control policy between.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

 Chapter 14 – Security Engineering 1 Chapter 12 Dependability and Security Specification 1.

Firewalls Julie Petrusa S.A.M. Matiur Rahman Carlo Mormina.

Network Security Technologies CS490 - Security in Computing Copyright © 2005 by Scott Orr and the Trustees of Indiana University.

FireProof. The Challenge Firewall - the challenge Network security devices Critical gateway to your network Constant service The Challenge.

Securing the Network Infrastructure. Firewalls Typically used to filter packets Designed to prevent malicious packets from entering the network or its.

Module 11: Designing Security for Network Perimeters.

1 OFF SYMB - 12/7/2015 Firewalls Basics. 2 OFF SYMB - 12/7/2015 Overview Why we have firewalls What a firewall does Why is the firewall configured the.

Security fundamentals Topic 10 Securing the network perimeter.

1 Firewall Rules. 2 Firewall Configuration l Firewalls can generally be configured in one of two fundamental ways. –Permit all that is not expressly denied.

Chapter 4: Implementing Firewall Technologies

Security Architecture of qmail and Postfix Authors: Munawar Hafiz Ralph E. Johnson Prepared by Geoffrey Foote CSC 593 Secure Software Engineering Seminar.

(Breather)‏ Principles of Secure Design by Matt Bishop (augmented by Michael Rothstein)‏

Fall 2008CS 334: Computer SecuritySlide #1 Design Principles Thanks to Matt Bishop.

June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #13-1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe.

Role Of Network IDS in Network Perimeter Defense.

1 Chapter 12: Design Principles Overview –There are principles for many kinds of design Generally, a design should consider: Balance, Rhythm, Proportion,

June 1, 2004© Matt Bishop [Changed by Hamid R. Shahriari] Slide #13-1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe.

Slide #13-1 Design Principles CS461/ECE422 Computer Security I Fall 2008 Based on slides provided by Matt Bishop for use with Computer Security: Art and.

ASHRAY PATEL Securing Public Web Servers. Roadmap Web server security problems Steps to secure public web servers Securing web servers and contents Implementing.

© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 10 Network Security Management.

EN Spring 2016 Lecture Notes FUNDAMENTALS OF SECURE DESIGN (NETWORK TOPOLOGY)

Lecture 12 Page 1 CS 136, Spring 2009 Network Security: Firewalls CS 136 Computer Security Peter Reiher May 12, 2009.

SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #

Lecture 9 Page 1 CS 236 Online Firewalls What is a firewall? A machine to protect a network from malicious external attacks Typically a machine that sits.

Lecture 19 Page 1 CS 236 Online 6. Application Software Security Why it’s important: –Security flaws in applications are increasingly the attacker’s entry.

“Enterprise Network Design and Implementation for Airports” Master’s Thesis - Ashraf Ali Department of Computing and Information Sciences This project.

Security fundamentals

Security+ All-In-One Edition Chapter 1 – General Security Concepts

Design for Security Pepper.

Computer Data Security & Privacy

HARDENING CLIENT COMPUTERS

IS3440 Linux Security Unit 6 Using Layered Security for Access Control

* Essential Network Security Book Slides.

IS4680 Security Auditing for Compliance

Firewalls Jiang Long Spring 2002.

How to Mitigate the Consequences What are the Countermeasures?

My 7-Point Plan for Windows Security

6. Application Software Security

Design Principles Thanks to Matt Bishop 2006 CS 395: Computer Security.

Presentation transcript:

Chapter3 Security Strategies

Content Least Privilege Defense in Depth Choke point Weakest Link Fail-Safe Stance Universal Participation Diversity of Defense Simplicity and Security Through Obscurity

Least Privilege It mean that any object(user, administrator, program system) should have only the privileges the object needs to perform its assigned tasks and no more(Limiting your exposure to attack and limiting the damage cause by particular attack). Ex: In internet context: every user don’t need to access every internet service. To create least privilege we use packet filtering.

Defense in Depth Refer to installation of multiple mechanisms that backup each other. Ex: Adopting multiple mechanisms that provide backup and redundancy for each other(Network Security(firewall),Host security, and Human security(user education, report,…)).

Choke point Choke point forces attacker to use a narrow channel which you can monitor and control. Ex: Firewall between your site and the internet(Connection between your site and the internet)

Fail-Safe Stance Refer to deny attacker by failure. Ex: Deny attacker by interrupt network connection when device was broken(Router). There are two fundamental stance that you take with respect to security decision and policy: The default deny stance: specify only what you allow and prohibit everything else. The default permit stance: Specify only what you prohibit and allow every thing else.

Universal Participation Refer to site person joining with security. Ex: It need everybody in each site to report strange happening that might be security related.

Diversity of Defense It is closely related to depth of defense but takes matters a bit further(different kind of defense). Method to implement diversity of defense is using security system from different vendor. The issues effect to diversity of defense: Inherent weaknesses Common Configuration Common Heritage Skin-deep differences

Simplicity and Security Through Obscurity It is a security strategy for two reason: First, keeping thing simple make them easier to understand. Second, Complexity provide nooks and crannies for all sorts of thing to hide in. Security through obscurity: It is a principle of protecting things by hiding them.