What is security?
Information Security
Information Security is the protection of information and the systems and hardware that use, store, and transmit that information
By NSTISSC
It's important to remember that the firewall is only one entry point to your network. Modems, if you allow them to answer incoming calls, can provide an easy means for an attacker to sneak around (rather than through ) your front door (or, firewall). Just as castles weren't built with moats only in the front, your network needs to be protected at all of its entry points.
Secure Policy
- Set of rules to apply to security relevant activities in a security domain
- Level of security policy: objectives, organizational and system.
- Key aspects of security policy: authorization, access control policy, accountability
Security Area
- Detection - Tools: scanner such as virus scanner, internet scanner and Web server scanner.
- Prevention - Tools: proxy, firewall.
- Recovery - Tools: cryptography techniques, proper planning.
Security Architecture
- Defined by ITU-T Recommendation X.800 that called OSI Security Architecture.
- Useful to managers as a way of organizing the task of providing security
- Architecture was developed as an international standard, computer and communications vendors have developed security features for their products and services that relate to the structured definition of services and mechanisms.
- Focuses on security attacks, security mechanisms and security services.
Security Principles
- Confidentiality - Prevention of unauthorized disclosure of information.
- Integrity - Prevention of unauthorized modification of information.
- Availability - Prevention of unauthorized withholding of information or resources.
Security Policy
- Set of rules to apply to security relevant activities in a security domain.
- Level of security policy: objectives, organizational and system.
- Key aspects of security policy: authorization, access control policy, accountability.
| PASSIVE ATTACKS | ACTIVE ATTACK |
|
|
|
|
|
|
Method of Defense
We can deal with harm that occurs when a threat is realized against a vulnerability in several ways:
- Prevent it, by blocking the attack or closing the vulnerability.
- Deter it, by making the attack harder, but not impossible.
- Deflect it, by making another target more attractive.
- Detect it, either as it happens or some time after the fact.
- Recover from its effects
Security Services
Defined by X.800:
- A security service as a service provided by a protocol layer of communicating open systems which ensure adequate security of the systems or of data transfers.
Defined by RFC 2828:
- A processing or communication service that is provided by a system to give a specific kind of protection to system resources where security services implement security policies and are implemented by security mechanisms.
Security Services
- Authentication - assurance that the communicating entity is the one claimed
- Access Control - prevention of the unauthorized use of a resource
- Data Confidentiality –protection of data from unauthorized disclosure
- Data Integrity - assurance that data received is as sent by an authorized entity
- Non-Repudiation - protection against denial by one of the parties in a communication
Security Mechanisms
} Security mechanism is any process (or a device incorporating such a process) that is designed to detect, prevent or recover from a security attack.
} Security mechanisms exist to provide and support security services and was defined by X.800
} Divided into two classes: those that are implemented in a specific protocol layer and those that are not specific to any particular protocol layer or security services
◦ Specific Security Mechanisms
◦ Pervasive Security Mechanisms
Lecture Summary
- Due to the technology era today, information security is made more importance implemented in most of organization.
- Studying information security is also importance due to the demand career in this area.
- Most of the major requirements for security services can be given self-explanatory one word labels:
◦ Confidentiality, authentication, nonrepudiation, integrity
END OF LECTURE 1
During this lab session we learn about virtualization & vmware. What is vmware? Virtual machine software from VMware, that allows multiple copies of the same operating system or several different operating systems to run in the same x86-based machine. For years, VMware has been the leader in virtualization software.
By the end of this section of the practical, we should be able
to:
• Understand What is Virtualization
• Install VMware Workstation
• Understand the VMware Workstation Configuration
• Creating disk image on VMware Workstation
• Installing Windows Server 2003 on disk image
VMware Workstation installation
This is simple step by step on how to install VMware Workstation:
1.Download VMware Workstation from http://www.vmware.com/download/ws/. Then, double click the VMware launcher to start the installation wizards.
2. Click NEXT and choose Typical setup type
3. Choose the location for VMware Workstation installation. Then, click NEXT
4. Configure the shortcuts for the VMware Workstation and click NEXT
5. Click INSTALL. This will take several minutes to finish
6. Enter the serial number for the VMware Workstation.
7. Click FINISH and restart the computer.
