Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter3 Security Strategies.

Published byAgatha Hunter Modified over 6 years ago

Similar presentations

Presentation on theme: "Chapter3 Security Strategies."— Presentation transcript:

1 Chapter3 Security Strategies

2 Content Least Privilege Defense in Depth Choke point Weakest Link
Fail-Safe Stance Universal Participation Diversity of Defense Simplicity and Security Through Obscurity

3 Least Privilege It mean that any object(user, administrator, program system) should have only the privileges the object needs to perform its assigned tasks and no more(Limiting your exposure to attack and limiting the damage cause by particular attack). Ex: In internet context: every user don’t need to access every internet service. To create least privilege we use packet filtering.

4 Defense in Depth Refer to installation of multiple mechanisms that backup each other. Ex: Adopting multiple mechanisms that provide backup and redundancy for each other(Network Security(firewall),Host security, and Human security(user education, report,…)).

5 Choke point Choke point forces attacker to use a narrow channel which you can monitor and control. Ex: Firewall between your site and the internet(Connection between your site and the internet)

6 Fail-Safe Stance Refer to deny attacker by failure.
Ex: Deny attacker by interrupt network connection when device was broken(Router). There are two fundamental stance that you take with respect to security decision and policy: The default deny stance: specify only what you allow and prohibit everything else. The default permit stance: Specify only what you prohibit and allow every thing else.

7 Universal Participation
Refer to site person joining with security. Ex: It need everybody in each site to report strange happening that might be security related.

8 Diversity of Defense It is closely related to depth of defense but takes matters a bit further(different kind of defense). Method to implement diversity of defense is using security system from different vendor. The issues effect to diversity of defense: Inherent weaknesses Common Configuration Common Heritage Skin-deep differences

9 Simplicity and Security Through Obscurity
It is a security strategy for two reason: First, keeping thing simple make them easier to understand. Second, Complexity provide nooks and crannies for all sorts of thing to hide in. Security through obscurity: It is a principle of protecting things by hiding them.

Download ppt "Chapter3 Security Strategies."

Similar presentations

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-1 Chapter 12: Design Principles Overview Principles –Least Privilege –Fail-Safe.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-1 Chapter 12: Design Principles Overview Principles –Least Privilege –Fail-Safe.
Computer Network Research Group ITB Security Issues Onno W. Purbo Computer Network Research Group Institute of Technology Bandung

Computer Network Research Group ITB Security Issues Onno W. Purbo Computer Network Research Group Institute of Technology Bandung
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Vulnerability Analysis. Formal verification Formally (mathematically) prove certain characteristics Proves the absence of flaws in a program or design.

Vulnerability Analysis. Formal verification Formally (mathematically) prove certain characteristics Proves the absence of flaws in a program or design.
1 Firewalls. 2 References 1.Mark Stamp, Information Security: Principles and Practice, Wiley Interscience, 2006. 2.Robert Zalenski, Firewall Technologies,

1 Firewalls. 2 References 1.Mark Stamp, Information Security: Principles and Practice, Wiley Interscience, Robert Zalenski, Firewall Technologies,
Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University

Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University
VM: Chapter 5 Guiding Principles for Software Security.

VM: Chapter 5 Guiding Principles for Software Security.
Secure Design Principles  secure the weakest link  reduce the attack surface  practice defense in depth  minimize privilege  compartmentalize  fail.

Secure Design Principles  secure the weakest link  reduce the attack surface  practice defense in depth  minimize privilege  compartmentalize  fail.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Security Firewall Firewall design principle. Firewall Characteristics.

Security Firewall Firewall design principle. Firewall Characteristics.
1 Design Principles CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 13, 2004.

1 Design Principles CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 13, 2004.
Building a Successful Security Infrastructure

Building a Successful Security Infrastructure
Usable Security (Part 1 – Oct. 30/07) Dr. Kirstie Hawkey Content primarily from Teaching Usable Privacy and Security: A guide for instructors (http://cups.cs.cmu.edu/course-guide/)

Usable Security (Part 1 – Oct. 30/07) Dr. Kirstie Hawkey Content primarily from Teaching Usable Privacy and Security: A guide for instructors (
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.

Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.
Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.

Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.
(Breather)‏ Principles of Secure Design by Matt Bishop (augmented by Michael Rothstein)‏

(Breather)‏ Principles of Secure Design by Matt Bishop (augmented by Michael Rothstein)‏
Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey

Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

Similar presentations

Ads by Google