
Security
Jonathan Geisler
April 26, 2006

Security

Security is the assurance that system resources are being used as intended. This incorporates:
  - Physical access
  - Human psychology
  - Network access
  - OS protections

Authentication vs. Authorization

Authentication is determining who the agent trying to act is via:
  - What the agent has
  - What the agent knows
  - What is inherent to the agent

Authorization is determining whether the agent is allowed to act in a specified manner.

Passwords

Vulnerabilities
  - Easily guessable
  - Observable
  - Human nature

Alternatives
  - One-time passwords
  - Encryption
  - Frequent changes
  - Biometrics

Programmatic threats
  - Trojan horses
  - Trap doors
  - Logic bombs
  - Buffer overflows
  - Worms
  - Viruses
  - (D)DOS

Safety measures
  - Cryptography
  - Authentication
  - Secure file systems
  - IPSec
  - Explicit security policy
  - Security scans (i.e., vulnerability assessment)
  - Firewalls
  - Intrusion detection
  - Logging

Classifications
  A    B3 + formal design and verification
  B1   C2 + sensitivity labels on objects
  B2   B1 + sensitivity labels on resources
  B3   B2 + exclusionary access control
  C1   Users control protection
  C2   C1 + control granularity at individual users
  D    No guarantees



TAYLOR COS 421 - Security
