Tham khảo bài thuyết trình 'general security concepts', công nghệ thông tin, an ninh - bảo mật phục vụ nhu cầu học tập, nghiên cứu và làm việc hiệu quả | Security+ All-In-One Edition Chapter 1 – General Security Concepts Brian E. Brzezicki Basic Security Concepts First Some Terms (NB) First we have to discuss some terms we will use again and again Protocol – an official set of steps or language for communication Algorithm – a specific set of steps to solve a problem or do some task String – a series of characters. Example if a character can be a-z and 0-9 an 8 character string might be “ar01z14b” Control – a countermeasure or attempt to mitigate a security risk. Example. A firewall is technical control. Policies are HR controls. Encryption is a technical control. CIA No Not that CIA CIA* (7) 3 Fundamental Principles of Security Confidentiality Integrity Availability Operational Model of Security (8) Focus is no longer just on prevention Security now is Prevention What are some preventative controls/measures? Detection What are some detective controls/measures? Response What are some response controls/measures? Protection = Prevention + Detection + Response Security Models and Concepts Host Based Security Network Based Security (9) Focuses on protecting a network from outside attackers by placing security devices on the “perimeter” (see visualization next slide) Firewalls IDS Anti-virus Problems? Internal attackers Little protection of network controls are taken out or bypassed Network Based Security Host Based Security (9) Focuses on protecting a specific machine at the machine level. Each computer protects itself Locked down/bastion host model Resource Permissions Host based firewalls HIDS Anti-virus Patching and updating All machines should have host based security Problems / Advantages of this model? Host and Network Based (12) The ideal model would have components of both Network Based Security along with Host Based Security, this is one example of Layered Security. Layered Security (12) No one security should be completely relied upon. Instead have many overlapping security controls. Network based firewall . | Security+ All-In-One Edition Chapter 1 – General Security Concepts Brian E. Brzezicki Basic Security Concepts First Some Terms (NB) First we have to discuss some terms we will use again and again Protocol – an official set of steps or language for communication Algorithm – a specific set of steps to solve a problem or do some task String – a series of characters. Example if a character can be a-z and 0-9 an 8 character string might be “ar01z14b” Control – a countermeasure or attempt to mitigate a security risk. Example. A firewall is technical control. Policies are HR controls. Encryption is a technical control. CIA No Not that CIA CIA* (7) 3 Fundamental Principles of Security Confidentiality Integrity Availability Operational Model of Security (8) Focus is no longer just on prevention Security now is Prevention What are some preventative controls/measures? Detection What are some detective controls/measures? Response What are some response controls/measures? Protection = Prevention
