Security OverviewSecurity Overview

System protection requirements areasSystem protection requirements areasTypes of information protectionTypes of information protection Information Architecture dimensionsInformation Architecture dimensionsPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)

Information Protection Information Protection RequirementsRequirements

ConfidentialityConfidentiality– Protect from unauthorized disclosureProtect from unauthorized disclosure

IntegrityIntegrity– Protect from unauthorized modificationProtect from unauthorized modification

AvailabilityAvailability– Reliable/timely access to required resourcesReliable/timely access to required resources

AuthenticityAuthenticity– Ability to determine authorized sourceAbility to determine authorized source

Non-repudiationNon-repudiation– Non-forgeable proof of data originator’s identity and data Non-forgeable proof of data originator’s identity and data

receiptreceipt

Types of Information Types of Information ProtectionProtection

EncryptionEncryptionAccess controlAccess controlUser identification and authenticationUser identification and authenticationMalicious content detection (viruses)Malicious content detection (viruses)Audits, including real-time intrusion-Audits, including real-time intrusion-

detectiondetectionPhysical SecurityPhysical Security

Information Architecture Information Architecture DimensionsDimensions

Information SystemInformation System– Unauthorized intrusionUnauthorized intrusion– Denial of serviceDenial of service

Information DomainInformation Domain– Users must have freedom of movement Users must have freedom of movement

within their authorized sphereswithin their authorized spheres Information ContentInformation Content

– In-transitIn-transit– At restAt rest

PKIPKIPublic Key InfrastructurePublic Key Infrastructure

Generation of digital certificatesGeneration of digital certificates– Electronic proof of identityElectronic proof of identity

Issuance of Certificate Revocation Lists Issuance of Certificate Revocation Lists (CRLs)(CRLs)

Directories that serve certificates and Directories that serve certificates and CRLsCRLs

PKI TermsPKI Terms

Certificate Authority (CA): Trusted agent Certificate Authority (CA): Trusted agent that signs and issues digital certificatethat signs and issues digital certificate– Sets rules for use, Sets rules for use, – Publishes CRLs, Publishes CRLs, – Posts to directory serverPosts to directory server

Registration Authority (RA): Verifies Registration Authority (RA): Verifies person’s identity, passes on to CAperson’s identity, passes on to CA

Defense Messaging SystemDefense Messaging System

PKI by itself is considered medium PKI by itself is considered medium grade security assurancegrade security assurance

DMS involves PKI with modifications DMS involves PKI with modifications and additionsand additions– DMS is considered “high grade” assuranceDMS is considered “high grade” assurance

Includes detailed policies and custom Includes detailed policies and custom softwaresoftware

http://www.disa.mil/D2/dms/http://www.disa.mil/D2/dms/

Further readingFurther reading

DON CIO Information Technology DON CIO Information Technology Standards Guidance (1999)– Chapter 3Standards Guidance (1999)– Chapter 3– http://www.doncio.navy.mil/training/ools/itshttp://www.doncio.navy.mil/training/ools/its

g/chapter3.htmlg/chapter3.html

DoD Computer Emergency Response DoD Computer Emergency Response Team (CERT)Team (CERT)– http://199.211.123.12/http://199.211.123.12/