Chapter 5 & 6
Topics
Security Planning
Security Standards and Levels (ISO 15408 standard)
Password Security
Access Control and Monitoring: Wrappers
Firewalls
Introduction
Denial of service
Any problem that makes it difficult or impossible for
the system to continue to perform productive work.
Assess these threats in relation to the number of users
who would be affected, as well as to the sensitivity of
the information that might be compromised.
For some organizations, break-ins are an embarrassment: if
they allow unauthorized access, the confidence that others
have in the organization may be reduced.
Writing a Security Policy
Security is largely a "people problem."
People, not computers, are responsible for implementing
security procedures, and people are responsible when
security is breached.
Therefore, network security is ineffective unless people
know their responsibilities.
It is important to write a security policy that clearly
states what is expected and who it is expected from.
Cont..
rlogin does not help when you log in from a remote site or an
untrusted system.
Use one-time passwords for remote logins.
Because a one-time password can be used only once, a thief who
steals the password cannot use it.
One-time Passwords In Everything (OPIE) is free software from
the U.S. Naval Research Laboratory (NRL) that modifies a UNIX
system to use one-time passwords.
OPIE is directly derived from SKey, which is a one-time password
system created by Bell Communications Research (Bellcore).
Access control and monitoring
Access control is a technique for limiting access.
Routers and hosts that use access control check the
address of a host requesting a service against an access
control list.
If the list says that the remote host is permitted to use
the requested service, the access is granted.
If the list says that the remote host is not permitted to
access the service, the access is denied.
Access control does not bypass any
normal security checks.
Thanks