Escolar Documentos
Profissional Documentos
Cultura Documentos
Administrative Policy and procedure Personnel controls Supervisory Structure Security-awareness training Testing Physical Controls Network Segregation Perimeter Security Computer Controls Work area separation Data Backups Cabling Control Zone Technical Controls System Access Network Architecture Network Access Encryption and protocols Auditing Types Subject is an active entity that requests access to an object or data within an object Access Control - security features that control how users and systems communicate and interact with other systems Access - flow of information between subject and object Object is a passive entity that contains information or needed functionality Preventive Detective Corrective Recovery Deterrent Discretionary Access Control (DAC) Gives subjects full control of objects full control of objects the have been given access to, including sharing the objects with other subjects Windows and Linux use it for filesystems Identity based access control Non-discretionary Mandatory Access Control (MAC) System-enforced control based on subject's clearance and object's labels. Security Labels (Sensitivity Labels) Contains classifications and different categories Categories enforce need-to-know rules Role-based Access Control (RBAC) Uses centrally administrated set of controls to determine how subjects and objects interact Core RBAC Hierarchical RBAC
General Concepts
Compensating
Practices
Monitoring
Intrusion Detection System Network-based Host-based Knowledge-based Signature-based State-based Statistical anomaly-based Protocol anomaly-based Traffic anomaly-based Rule-based Intrusion Prevention System Honeypot Network Sniffers
Assessment
Penetration Testing Social Engineering Zero-knowledge (Black Box) Full-knowledge (crystal-box) Partial-knowledge Methodology Planning Reconnaissance Scanning (Enumeration) Vulnerability Assessment Exploitation Reporting Vulnerability Testing
Security Principles
Security Domains resources within logical structure work under same security policy and managed by the same group Directory Services Thin Clients