Security Architecture 1 of 2 - PowerPoint PPT Presentation

About This Presentation
Title:

Security Architecture 1 of 2

Slides: 27
Provided by: rafa115

Transcript and Presenter's Notes

1
Security Architecture (1 of 2)
2
Security Concerns
Privacy
Pornography
Viruses
Hacktivism
Unauthorized Access
Public Confidence
Information Theft

Denial of Service
Industrial Espionage
3
Security Expectations
  • Users can perform only authorized tasks
  • Users can obtain only authorized information
  • Users cannot cause damage to the data,
    applications, or operating environment of a
    system

4
Motivations for Security
5
Network Security Weaknesses
  • Technology weaknesses
  • Configuration weaknesses
  • Security policy weaknesses

6
Technology Weaknesses
  • All computer and network technologies have
    inherent security weaknesses or vulnerabilities.
  • Don't overlook
      • Hardware issues
      • OS issues
      • Network protocol issues (even TCP/IP)
      • Application vulnerabilities

7
Configuration Weaknesses
  • Insecure default settings
      • If you left the defaults, you are dead.
  • Misconfigured network equipment
      • A little knowledge is a dangerous thing
  • Insecure user accounts/passwords
      • End-users can't be trusted to use strong
        passwords
  • Misconfigured Internet services
      • HTTP, Java, CGI, unneeded services.

8
Security Policy Weaknesses
  • Lack of a written security policy
  • Internal politics
  • Lack of business continuity
  • Turnover in staff/management can be devastating
  • Logical access controls to network equipment are
    not applied
  • Security administration is lax, including
    monitoring and auditing
  • Lack of awareness of having been attacked
  • Software and hardware installation and changes do
    not follow the policy
  • Security incident and disaster recovery
    procedures are not in place

9
Categories of Network Threats
  • Unstructured
  • Structured
  • Internal
  • External

10
Threats and Consequences
11
Database Security
  • Degree to which data is fully protected from
    tampering or unauthorized acts
  • Comprises
      • Information system
      • Information security concepts

12
Information Systems
  • Comprised of components working together to
    produce and generate accurate information
  • Wise decisions require
      • Accurate and timely information
      • Information integrity
  • Categorized based on usage

13
Information Systems Components
14
Database Management
  • Essential to success of information system
  • DBMS functions
      • Organize data
      • Store and retrieve data efficiently
      • Manipulate data (update and delete)
      • Enforce referential integrity and consistency
      • Enforce and implement data security policies and
        procedures
      • Back up, recover, and restore data

15
Client Server Database systems
16
Database Management
  • Data
  • Hardware
  • Software
  • Networks
  • Procedures
  • Database servers

17
Information Security Architecture
  • Protects data and information produced from the
    data
  • Model for protecting logical and physical assets
  • Is the overall design of a company's
    implementation of C.I.A. triangle

18
Information Security Architecture
19
Confidentiality
  • Addresses two aspects of security
  • Prevention of unauthorized access
  • Information disclosure based on classification
  • Classify information into levels
  • Each level has its own security measures
  • Usually based on degree of confidentiality
    necessary to protect information

20
Eavesdropping Packet Sniffing
21
Confidentiality Classification
22
Integrity
  • Consistent and valid data, processed correctly,
    yields accurate information
  • Information has integrity if
      • It is accurate
      • It has not been tampered with
  • Read consistency
      • Each user sees only his changes and those
        committed by other users

23
Degradation of Data Integrity
24
Degradation of Data Integrity
25
Availability
  • Systems must be always available to authorized
    users
  • System determines what a user can do with the
    information
  • Reasons for a system to become unavailable
      • External attacks and lack of system protection
      • System failure with no disaster recovery strategy
      • Overly stringent and obscure security policies
      • Bad implementation of authentication processes

26
Fin