Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- IT Security//
- Data security
- Software security
- Hardware security
- ---------------------
- Physical security measures
- Procedural security measures
- Technical security measures
- ----------------------------
- Attributes of information //
- Confidentiality
- Integrity
- Availability
- Authenticity/Unrepudability
- ------------------------
- Security mechanism//
- Encryption
- Checksum
- Redundancy
- Firewall
- Authentification
- Authorization
- Accounting
- -------------------
- Three ways of providing information
- Defense
- deferrence
- detecting
- -------------
- Identify your information resources
- what kind of nsk each of these resources can be exposed?
- How high is the risk?
- C- I - M
- -----------------------
- RESOURCE1 H- H - H
- ----------------------
- RESOURCE1 H- H - H
- ----------------------
- RESOURCE1 H- L - L
- -----------------------
- Designing of IT infrastructure Security //
- 1st stage: Analysis
- resourses &risk
- IT infrastructure
- functions
- do not implement functions you are intended ti use
- do not install or remove or (at least)stop unneeded services
- ---------------------
- Hardware
- Computer &servers
- Network devices
- Network topology
- -----------------
- Software
- OS
- Service software
- Network topology
- -------------
- Personal
- skill
- habits
- CONCLUSION for the 1st stage
- Security Policy
- (general ,wide audience)
- Operational Documents
- (technical, for IT staff, implied by Security Policy)
- 2nd stage: implementation
- firewalls
- vpns
- certification authorities
- authentication & authorization
- antivirus software
- spam filters
- courses for the staff
- All of these should form a logical &consisted system
- A good practice build onion security architecture
- 3rd stage :Monitoring
- review of logs
- intrusion Detection/Prevention
- Systems(IDS/IPS)
- You always should log
- failed logins
- deny access to files/directories
- 4th stage: Reaction
- what to do?
- who is responsible for the doc
- what repairing actions are to be performed
- what prepare for incident investigation
- How to say to the public
- TURN BACK TO STAGE 1
- CRYPROLOGY
- CRYPTOGRAPHY CRYPTOANALYSIS STEGANOGRAPHY(embedding the "real" message in a unsuspicious message)
- (secret message sent in clear way) "brute force attack" (clear text in a secret way)
- (plain text="real message "cryptanalitic attacks=exploit a vulnerability in the encyption method"
- ciphertext=ecrypted message
- key="secret" component allowing conversion of ciphertext to plain text(or reverse))
- attacks on encryption algorithms
- --attack with a known ciphertext(the weakest method of attack)
- --you want tp reveal the plain text
- --you want to find the encryption key
- the attack is easier to perform if the cryptanalyst has more ciphertext encrypted with the same key
- attack with a known plain text
- --known=a number of ciphertext and at least one pair plain text-ciphertext
- attack with a chosen plain text
- --its possible to encrypt a plain text
- attack with as chosen ciphertext(lunch-time attack)
- encryption: plain text ->ciphertext
- decryption: ciphertext ->plaintext
- --------------------------------------------------------------
- CRYPTOGRAPHIC ALGORITHMS
- TRANSPOSITION(PERMUTATION)
- s e c u r i
- t y o f i t
- i n f r a s
- t r u c t u
- r e x y z w
- STITREYNRECOFUXUFRCYRIATZITSUW
- SUBSTITUTION
- example: Ceasar cipher (shift any letter by 3)
- VHFXUL....
- improvement:Vigenare cipher
- CIPHER -images of the letter 'A' in consecutive Caesar's ciphers
- ONE TIME PAD(substitution cipher)
- --the key length is as long as the message
- --use every key only once
- --keys are truly random
- Unconditionally secure encryption algorithm
- Conditionally secure encryption algorithms:
- --either the time which must be spent on breaking the ciphertext is longer than the time by which the plain text must be kept secret
- --or breaking ciphertext is more expensive than the value of plain text message
- Algorithms are based on S-P(substitution-permutation) networks
- example :DES,AES
- It should be practically impossible to deduce private key for a given public key.
- examples:RSA :RSA
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement