03_SecurityPolicies
Transcript of 03_SecurityPolicies
-
7/30/2019 03_SecurityPolicies
1/21
Slide #4-1
Chng 3: Chnh sch an ninh
Tng quan V chnh sch an ninh
What they coverPolicy languages
V cc k thut
Types
-
7/30/2019 03_SecurityPolicies
2/21
Slide #4-2
Security Policy
Chnh sch phn chia h thng thnh 2 trng thi:Authorized (secure)
These are states the system can enterUnauthorized (nonsecure) If the system enters any of these states, its a
security violation
Mt h thng an ton:Starts in authorized stateNever enters unauthorized state
-
7/30/2019 03_SecurityPolicies
3/21
Slide #4-3
Tnh bo mt
Xset of entities, Iinformation Ihas confidentiality property with respect to Xif
no x
Xcan obtain information from I Ican be disclosed to others Example:
Xset of students
Ifinal exam answer key Iis confidential with respect to Xif students cannot
obtain final exam answer key
-
7/30/2019 03_SecurityPolicies
4/21
Slide #4-4
Tnh ton vn
Xset of entities, Iinformation
Ihas integrity property with respect to Xif all x
Xtrust information in I Types of integrity:
trust I, its conveyance and protection (data integrity)
Iinformation about origin of something or an identity(origin integrity, authentication)
Iresource: means resource functions as it should(assurance)
-
7/30/2019 03_SecurityPolicies
5/21
Slide #4-5
Tnh kh dng
Xset of entities, Iresource
Ihas availability property with respect to Xif all x
Xcan access I Types of availability:
traditional:x gets access or not
quality of service: promised a level of access (forexample, a specific level of bandwidth) and not meet it,
even though some access is achieved
-
7/30/2019 03_SecurityPolicies
6/21
Slide #4-6
Cc kiu chnh sch
Chnh sch qun i (chnh quyn)Policy primarily protecting confidentiality
Chnh sch thng miPolicy primarily protecting integrity
Chnh sch bo mt
Policy protecting only confidentiality Chnh sch ton vn
Policy protecting only integrity
-
7/30/2019 03_SecurityPolicies
7/21
Slide #4-7
Tnh ton vn trong giao dch
Bt u trng thi bn vng Consistent defined by specification
Thc hin mt chui cc thao tc (transaction)Actions cannot be interrupted
If actions complete, system in consistent state
If actions do not complete, system reverts tobeginning (consistent) state
-
7/30/2019 03_SecurityPolicies
8/21
Slide #4-8
S tin cy
Ngi qun tr ci mt bn v li:
1. Trusts patch came from vendor, not
tampered with in transit
2. Trusts vendor tested patch thoroughly
3. Trusts vendors test environmentcorresponds to local environment
4. Trusts patch is installed correctly
-
7/30/2019 03_SecurityPolicies
9/21
-
7/30/2019 03_SecurityPolicies
10/21
Slide #4-10
Answer Part 1
B gian ln Policy forbids copying homework assignment Bill did it System entered unauthorized state (Bill having a copy
of Annes assignment)
Nu khng pht biu r rng trong chnh sch anninh, th l ngm nhNot credible that a unit of the university allows
something that the university as a whole forbids, unlessthe unit explicitly says so
-
7/30/2019 03_SecurityPolicies
11/21
Slide #4-11
Answer Part 2
A khng bo v file bi tpNot required by security policy
A khng vi phm chnh sch an ninh
Nu chnh sch yu cu SV phi bo v filebi tp, th A vi phm chnh sch an ninh
-
7/30/2019 03_SecurityPolicies
12/21
Slide #4-12
K thut
Cch thc hoc quy trnh lm cho chnhsch c hiu lc:
Access controls (like bits to prevent someonefrom reading a homework file)
Disallowing people from bringing CDs and
floppy disks into a computer facility to controlwhat is placed on systems
-
7/30/2019 03_SecurityPolicies
13/21
Slide #4-13
V d v chnh sch
Chnh sch an ninh cho mt trng HInstitution has multiple campuses, administered
from central officeEach campus has its own administration, and
unique aspects and needs
Chnh sch s dng hp php Chnh sch cho h thng email
-
7/30/2019 03_SecurityPolicies
14/21
Slide #4-14
Chnh sch s dng hp php
Dng cho tng campus
Mc tiu ca h thng my tnh Cc mc ch c bn: Truy cp ti nguyn, trao i thng tin, tn
trng quyn ring t, tn trng tnh ton vn ca h thng
K thut thc hin chnh sch: quy nh hnh chnh Warnings
Denial of computer access
Disciplinary action up to and including expulsion
Thng bo chnh thc cho cng ng ngi dng
-
7/30/2019 03_SecurityPolicies
15/21
Slide #4-15
Chnh sch th in t
Dng cho ton trng
Gm 3 phnSummary
Full policy
Interpretation at the campus
-
7/30/2019 03_SecurityPolicies
16/21
Slide #4-16
Summary
Cnh bo email khng phi ring tCan be read during normal system
administrationCan be forged, altered, and forwarded
Unusual because the policy alerts users to
the threatsUsually, policies say how to prevent problems,
but do not define the threats
-
7/30/2019 03_SecurityPolicies
17/21
Slide #4-17
Summary
Nhng g nn v khng nn lmThink before you send
Be courteous, respectful of others Dont interfere with others use of email
C th s dng cho mc ch c nhn,
nhng hn ch
-
7/30/2019 03_SecurityPolicies
18/21
Slide #4-18
Uses of E-mail
C th gi nc danhException: if it violates laws or other policies
Khng gy phin h cho ngi khcNo spam, letter bombs, e-mailed worms, etc.
Hn ch s dng cho mc ch c nhn
Cannot interfere with university businessSuch e-mail may be a university recordsubject to disclosure
-
7/30/2019 03_SecurityPolicies
19/21
Slide #4-19
Security of E-mail
Nh trng c th c Wont go out of its way to do so
Allowed for legitimate business purposesAllowed to keep e-mail robust, reliable
Cho php lu tr hoc ghi nh li
May be able to recover e-mail from end system(backed up, for example)
-
7/30/2019 03_SecurityPolicies
20/21
Slide #4-20
Implementation
Thm vo cc yu cu c th ca cc c s Example: incidental personal use not allowed if it
benefits a non-university organization
Allows implementation to take into account differencesbetween campuses
Procedures for inspecting, monitoring, disclosinge-mail contents
Backups
-
7/30/2019 03_SecurityPolicies
21/21
Slide #4-21
Key Points
Chnh sch m t nhng g c php
K thut iu khin vic cc chnh sch
c p dng nh th no S tin cy lm nn tng cho cc vn an
ninh