Logical Security Presentation
These are controls that restrict the access capabilities of users of the system and prevent unauthorised users from
accessing the system.
They exist within the operating system, the database management system, the application, or all three.
The following slides will discuss the various types of logical security.
User IDs:
These are also known as logins, user names, or accounts; they are unique personal identifiers for
accessing computer programs.
The creation of user IDs allows users to be given access to the data they have permission to access.
Authentication
It is the process used by a computer program, computer, or network to attempt to confirm the identity of a
user.
Confirming identities is essential to access control, which grants access to authorized users and excludes
unauthorized users.
For example, when creating a WhatsApp account, WhatsApp authenticates that the user is the owner of the
number provided by sending a verification code to that line.
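The verification-code check described above, as an added example that is not part of the original slides. The phone number and the SENT_CODES "gateway" are constructed stand-ins so the code runs offline; the controls worth noting are the CSPRNG-generated code, the expiry, the attempt limit and the single use.

```python
import hmac
import secrets
import time

# Constructed stand-in for the SMS gateway so the example runs offline;
# a real service hands the code to the carrier instead.
SENT_CODES = {}


class PhoneVerifier:
    """Issue a one-time code to a phone number and check the user's reply."""

    def __init__(self, ttl_seconds=300, max_attempts=3):
        self.ttl = ttl_seconds
        self.max_attempts = max_attempts
        self.pending = {}  # phone -> [code, expiry, attempts left]

    def issue(self, phone, now=None):
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.randint
        self.pending[phone] = [code, now + self.ttl, self.max_attempts]
        SENT_CODES[phone] = code  # simulated delivery to the line
        return code

    def verify(self, phone, submitted, now=None):
        now = time.time() if now is None else now
        entry = self.pending.get(phone)
        if entry is None:
            return False
        code, expiry, attempts_left = entry
        if now > expiry or attempts_left <= 0:
            self.pending.pop(phone, None)  # expired or locked out
            return False
        entry[2] -= 1  # every guess, right or wrong, costs an attempt
        ok = hmac.compare_digest(submitted, code)  # constant-time compare
        if ok:
            self.pending.pop(phone, None)  # a code is accepted only once
        return ok
```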
Access Controls
Access control is implemented to restrict user access to information and systems based on their
authentication and authorization levels.
It uses techniques such as user IDs, passwords, role-based access control, and multifactor authentication.
For example, in the GZU system, if one works in the accounts department, he/she will have access only to
the accounts department details in the system.
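A role-based access check modelled on the GZU example, added here and not taken from the slides or from any GZU system. The roles, departments and record names are constructed; the point is that the decision is deny-by-default, requires an authenticated user, and is written to an audit log.

```python
from collections import namedtuple

# Constructed policy: each role may perform named actions on one department.
ROLE_PERMISSIONS = {
    "accounts_clerk": {("accounts", "read"), ("accounts", "write")},
    "accounts_auditor": {("accounts", "read")},
    "hr_officer": {("hr", "read"), ("hr", "write")},
}

User = namedtuple("User", "user_id roles authenticated")
Record = namedtuple("Record", "record_id department")


def is_allowed(user, action, record):
    """Deny by default: an authenticated user needs a role that grants
    this action on the record's department; unknown roles grant nothing."""
    if not user.authenticated:
        return False
    needed = (record.department, action)
    return any(needed in ROLE_PERMISSIONS.get(role, set())
               for role in user.roles)


def authorize(user, action, record, audit_log):
    """Make the decision and record it; denials are what a reviewer looks at."""
    decision = is_allowed(user, action, record)
    audit_log.append({"user": user.user_id, "action": action,
                      "record": record.record_id, "allowed": decision})
    return decision
```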
Incident Response and Disaster Recovery Planning
• Incident response involves a coordinated approach to addressing and managing security incidents such
as unauthorized access, data breaches, malware infections, and system compromises. It includes a set of
procedures and measures designed to minimize the impact of security incidents and restore normal
operations as quickly as possible. Key components of incident response include:
• a. Incident Detection: Implementing monitoring systems and security controls to detect and alert on potential security
incidents in real time.
• b. Incident Analysis: Investigating and analyzing security incidents to understand their nature, scope, and potential
impact.
• c. Incident Containment: Taking immediate actions to contain the incident and prevent further damage or unauthorized
access.
• d. Incident Eradication: Removing the root cause of the incident, eliminating any malware or unauthorized access, and
restoring affected systems to a secure state.
• e. Incident Recovery: Restoring systems and data to their normal functioning state, ensuring business continuity.
• Disaster recovery planning, on the other hand, focuses on preparing for and recovering from major
disruptions such as natural disasters, hardware failures, or other catastrophic events. It involves creating
comprehensive plans and procedures to ensure the timely and effective recovery of critical systems,
data, and operations. This may include regular backups, redundant systems, off-site data storage, and
predefined recovery strategies.
Vulnerability Management and Patching
• Vulnerability management is the process of identifying, assessing, prioritizing, and mitigating software
and system vulnerabilities that could be exploited by attackers. It involves proactive measures to
identify vulnerabilities in the IT infrastructure, applications, and network devices. The steps involved in
vulnerability management include:
• a. Vulnerability Scanning: Conducting regular scans of systems and applications to identify known
vulnerabilities and configuration weaknesses.
• b. Vulnerability Assessment: Analyzing and prioritizing identified vulnerabilities based on their severity,
potential impact, and exploitability.
• c. Patch Management: Applying security patches and updates to address known vulnerabilities in a timely
manner. This includes keeping operating systems, applications, and firmware up to date with the latest security
patches.
• d. Remediation: Taking necessary actions to mitigate or eliminate identified vulnerabilities, which may involve
applying patches, implementing configuration changes, or deploying additional security controls.
• e. Ongoing Monitoring: Continuously monitoring the IT environment for new vulnerabilities and emerging
threats, and adapting the vulnerability management process accordingly.
Secure Communication Protocols: HTTPS and SSH
• Two widely used secure communication protocols are HTTPS and SSH. These protocols play a crucial role in ensuring
the confidentiality, integrity, and authenticity of data transmitted over networks.
• HTTPS stands for Hypertext Transfer Protocol Secure. It is a secure version of HTTP, the protocol used
for communication between web browsers and web servers. HTTPS uses encryption to protect sensitive
information exchanged between a client (such as a web browser) and a server.
HTTPS Encryption
• HTTPS utilizes the SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols to establish a
secure connection. Here's a simplified example of how HTTPS works:
• 1. The client initiates a connection with the server by sending a request to access a website over HTTPS.
• 2. The server responds by sending its digital certificate, which contains its public key and other
information.
• 3. The client verifies the server's certificate and generates a session key.
• 4. The client encrypts the session key using the server's public key and sends it back to the server.
• 5. Both the client and server now have the session key to encrypt and decrypt data during the session.
• 6. Encrypted data is transmitted between the client and server, ensuring confidentiality.
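The six steps above describe the RSA key-transport form of the handshake; TLS 1.3 derives the session key with ephemeral Diffie-Hellman instead, but step 3, verifying the server's certificate, is the step a client must never skip. As an added example that is not from the original slides, here is how a Python client expresses the weak and the correct choice with the standard ssl module; the connection itself is not made, only the client's verification settings are shown.

```python
import ssl


def weak_context():
    """Client context that skips step 3: no chain validation and no
    hostname check, so any certificate, including an interceptor's, is
    accepted. Shown only to contrast with the hardened version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context():
    """Client context that enforces step 3: the server's certificate must
    chain to a trusted CA and match the hostname, and legacy protocol
    versions are refused."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def describe(ctx):
    """Summarise the settings a reviewer would check in a client."""
    return {
        "verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
        "min_version": ctx.minimum_version.name,
    }
```

To use the hardened context for a real request, pass it as `context=` to `http.client.HTTPSConnection` or wrap a socket with `ctx.wrap_socket(sock, server_hostname=host)`.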
SSH
• SSH stands for Secure Shell. It is a cryptographic network protocol used for secure remote access and file transfer over an unsecured
network. SSH provides a secure channel for communication between a client and a server, preventing unauthorized access and data
tampering.
• SSH employs various authentication methods, including passwords, public key cryptography, and multi-factor authentication. Here's an
example of SSH authentication using public key cryptography:
• 1. The client generates a key pair consisting of a public key and a private key.
• 2. The client sends its public key to the server and stores the private key securely.
• 3. The server receives the client's public key and associates it with the client's account.
• 4. When the client attempts to connect to the server, the server challenges the client to prove possession of the corresponding private key.
• 5. The client signs the challenge with its private key, and the server verifies the signature using the associated public key.
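The challenge-response exchange in steps 1 to 5, as an added example that is not from the original slides and is not SSH's own implementation. It uses toy-sized textbook RSA built on two fixed Mersenne primes with no padding so that it runs on the standard library alone; real SSH uses ed25519 or RSA-SHA2 with proper padding, and only the flow (key on file per account, fresh random challenge, signature checked against that key, challenge consumed after one use) is what the example demonstrates.

```python
import hashlib
import secrets

# Toy textbook RSA (two Mersenne primes, no padding) so the flow runs on the
# standard library alone; real SSH uses ed25519 or RSA-SHA2 with padding.
P, Q, E = (1 << 31) - 1, (1 << 61) - 1, 65537


def generate_keypair():
    """Step 1: client creates (public, private); the private key never leaves it."""
    n, phi = P * Q, (P - 1) * (Q - 1)
    return (n, E), (n, pow(E, -1, phi))  # pow(..., -1, m): Python 3.8+


def digest_mod_n(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private_key, challenge):
    """Step 5, client side: prove possession of the private key."""
    n, d = private_key
    return pow(digest_mod_n(challenge, n), d, n)


def verify(public_key, challenge, signature):
    """Step 5, server side: check against the key on file for the account."""
    n, e = public_key
    return pow(signature, e, n) == digest_mod_n(challenge, n)


class Server:
    """Keeps authorized keys per account (step 3) and issues fresh random
    challenges (step 4) so a captured signature cannot be replayed."""

    def __init__(self):
        self.authorized_keys = {}
        self.outstanding = {}

    def add_key(self, account, public_key):
        self.authorized_keys[account] = public_key

    def challenge(self, account):
        self.outstanding[account] = secrets.token_bytes(32)
        return self.outstanding[account]

    def authenticate(self, account, signature):
        c = self.outstanding.pop(account, None)  # single use
        key = self.authorized_keys.get(account)
        return c is not None and key is not None and verify(key, c, signature)
```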