
FORESEC Academy

FORESEC Academy Security Essentials

DEFENSE-IN-DEPTH

Defense in-Depth Agenda

• Chapter 7: Defense in-Depth
• Chapter 8: Basic Security Policy
• Chapter 9: Access Control and Password Management
• Chapter 10: Incident Handling Foundations
• Chapter 11: Information Warfare
• Chapter 12: Web Communications and Security

Defense in-Depth

• We have covered: networking, IP, IP behaviour, basic traffic analysis, routing, host perimeter defense.
• Now, we add security policy, password strength and assessment, incident handling, information warfare and web security.

Defense in-Depth (2)



Three Bedrock Principles

• Confidentiality = Rahasia
• Integrity = Integritas
• Availability = Ketersediaan

Identity, Authentication & Authorization

• Don’t Authentication and Identity mean the same thing?
• If we have Authentication and Identity then do we need Authorization?

Authentication

• Based on:
- Something you know
- Something you have
- Something you are

Data Classification

• We classify data with differing levels of sensitivity
• Why do we put labels on our data?
• You can’t protect it all, so some data requires more protection than others

Threats

• Activity that represents possible danger
• Can come in different forms & from different sources
• You can’t protect against all threats
• Protect against the ones that are most likely or most worrisome based on:
- Business goals
- Validated data
- Industry best practice

Vulnerabilities

• Weaknesses that allow threats to happen
• Must be coupled with a threat to have an impact
• Can be prevented (if you know about them)

Relating Risk, Threat and Vulnerability

Risk = Threat x Vulnerability



The Threat Model

• Threat
• Vulnerability
• Compromise

Vulnerabilities are the gateways by which threats are manifested.

Five Lessons from History

• Morris worm - Availability - 1988
• Melissa - Availability - 1999
• W32.SirCam worm - Confidentiality - 2001
• Code Red II - Integrity - 2001
• Blaster worm - Availability and Integrity - 2003