
Security

• Security is a measure of the system’s ability to protect data and information from unauthorized access while still providing access to people and systems that are authorized.

• Security characteristics:
  • Confidentiality: data or services are protected from unauthorized access.
  • Integrity: data or services are not subject to unauthorized manipulation.
  • Availability: the system will be available for legitimate use.
  • Authentication: verifies the identities of the parties to transactions and checks if they are truly who they claim to be.
  • Nonrepudiation: guarantees that the sender of a message cannot later deny having sent the message, and the recipient cannot deny having received the message.
  • Authorization: grants a user the privileges to perform a task.


Security Tactics

Detect Attacks

• Detect intrusion: by comparison of network traffic or service request patterns within a system to a set of signatures or known patterns of malicious behavior stored in a database.

• Detect service denial: by comparison of the pattern or signature of network traffic coming into a system to historical profiles of known denial-of-service attacks.

• Verify message integrity: by employing techniques such as checksums or hash values to verify the integrity of messages, resource files, deployment files, and configuration files.

• Detect message delay: detect potential man-in-the-middle attacks, where a malicious party is intercepting (and possibly modifying) messages, by checking the time that it takes to deliver a message.
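The last two tactics can share one receiver-side check. The sketch below is an added example, not part of the original slides: it uses HMAC-SHA256 (a keyed hash, so an interceptor cannot simply recompute it, unlike a bare checksum) and assumes a pre-shared key, roughly synchronized clocks, and a hypothetical 2-second delivery budget; seal, check and demo are illustrative names.

```python
import hashlib
import hmac
import json

MAX_DELAY_SECONDS = 2.0  # assumed delivery budget; derive it from measured baselines


def seal(key: bytes, body: dict, sent_at: float) -> dict:
    """Sender: bind the body and the send time together under one keyed hash."""
    payload = json.dumps({"body": body, "sent_at": sent_at}, sort_keys=True)
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


def check(key: bytes, message: dict, received_at: float) -> str:
    """Receiver: return 'ok', 'tampered' or 'bad_timing'."""
    payload = message["payload"].encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    # Constant-time comparison; verify integrity before trusting any field.
    if not hmac.compare_digest(expected, message["tag"]):
        return "tampered"
    # The timestamp is covered by the tag, so it cannot be rewritten in transit.
    delay = received_at - json.loads(payload)["sent_at"]
    # Too slow suggests interception; negative means the clocks disagree.
    if not 0 <= delay <= MAX_DELAY_SECONDS:
        return "bad_timing"
    return "ok"


def demo() -> list:
    key = b"constructed-demo-key"  # constructed sample key, not a real secret
    msg = seal(key, {"to": "acct-1", "amount": 100}, sent_at=1000.0)
    forged = dict(msg, payload=msg["payload"].replace("acct-1", "acct-9"))
    return [
        check(key, msg, received_at=1000.3),     # delivered on time
        check(key, forged, received_at=1000.3),  # body altered in transit
        check(key, msg, received_at=1005.0),     # held for 5 seconds
    ]


if __name__ == "__main__":
    print(demo())
```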


Resist Attacks

• Identify actors: identify the source of an external input to the system.

• Authenticate actors: ensure that an actor (user or computer) is actually who or what it purports to be.

• Authorize actors: ensure that an authenticated actor has the rights to access and modify either data or services.

• Limit access: limiting access to computing/hardware resources.

• Limit exposure: minimize the attack surface of a system by having the least possible number of access points for resources, data, or services and reducing the number of connectors that may provide unanticipated exposure.

• Encrypt data: to provide extra protection to persistently maintained data beyond that available from authorization.

• Separate entities: separate sensitive and non-sensitive data by physical separation on different computers, to reduce the attack possibility from non-sensitive data users.

• Change default settings: to prevent attackers from gaining access to the system through settings that are generally publicly available.


React to Attacks

• Revoke access: when an attack is underway, access can be severely limited to sensitive resources, even for normally legitimate users and uses.

• Lock computer: limit access from a particular computer if there are repeated failed attempts to access an account from that computer.

• Inform actors: the relevant actors must be notified when the system has detected an attack.
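The "lock computer" and "inform actors" tactics combine naturally. The sketch below is an added example, not part of the original slides: it counts failed logins per (computer, account) pair, locks only the offending computer, and calls a notification hook; the thresholds, the SourceLockout class and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 3      # assumed: failures tolerated inside the window
WINDOW_SECONDS = 300  # assumed: sliding window for counting failures
LOCK_SECONDS = 900    # assumed: how long the computer stays locked


class SourceLockout:
    def __init__(self, notify):
        self.notify = notify                # "inform actors" hook, e.g. a pager call
        self.failures = defaultdict(deque)  # (source, account) -> failure times
        self.locked_until = {}              # source -> unlock time

    def is_locked(self, source: str, now: float) -> bool:
        return self.locked_until.get(source, 0) > now

    def record(self, source: str, account: str, success: bool, now: float) -> bool:
        """Return False if the attempt is refused because the source is locked."""
        if self.is_locked(source, now):
            return False
        key = (source, account)
        if success:
            self.failures.pop(key, None)    # a good login resets the counter
            return True
        times = self.failures[key]
        times.append(now)
        while now - times[0] > WINDOW_SECONDS:
            times.popleft()                 # forget failures outside the window
        if len(times) >= MAX_FAILURES:
            # Lock the computer, not the account: the legitimate user can
            # still sign in from elsewhere while this source is blocked.
            self.locked_until[source] = now + LOCK_SECONDS
            self.notify(f"locked {source}: {len(times)} failed logins for {account}")
            times.clear()
        return True


if __name__ == "__main__":
    alerts = []
    guard = SourceLockout(alerts.append)
    for t in (0, 10, 20):                   # constructed sample events
        guard.record("192.0.2.10", "alice", success=False, now=t)
    print(guard.is_locked("192.0.2.10", 21), alerts)
```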


Recover from Attacks

• Maintain audit trail

• Restore (same as availability tactics)