And mechanisms
Types
Slide #4-1
Security Policy
A policy partitions the system into 2 states:
Authorized (secure): these are states the system can enter
Unauthorized (nonsecure): if the system enters any of these states, it's a security violation
A secure system:
Starts in authorized state
Never enters unauthorized state
Slide #4-2
Confidentiality
X set of entities, I information
I has confidentiality property with respect to X if no x ∈ X can obtain information from I
I can be disclosed to others
Example:
X set of students
I final exam answer key
I is confidential with respect to X if students cannot obtain final exam answer key
Slide #4-3
Integrity
X set of entities, I information
I has integrity property with respect to X if all x ∈ X trust information in I
Types of integrity:
trust I, its conveyance and protection (data integrity)
I information about origin of something or an identity (origin integrity, authentication)
I resource: means resource functions as it should (assurance)
Slide #4-4
Availability
X set of entities, I resource
I has availability property with respect to X if all x ∈ X can access I
Types of availability:
traditional: x gets access or not
quality of service: promised a level of access (for example, a specific level of bandwidth) and not meet it, even though some access is achieved
Slide #4-5
Confidentiality policy
Policy protecting only confidentiality
Trust
An administrator installs a patch:
1. Trusts patch came from vendor, not tampered with in transit
2. Trusts vendor tested patch thoroughly
3. Trusts vendor's test environment corresponds to local environment
4. Trusts patch is installed correctly
Slide #4-8
Scenario
Policy forbids cheating
Includes copying homework, with or without permission
IT students do their homework on a computer
A forgets to protect their homework file
B copies it
Who cheated?
A, B, or both?
Slide #4-9
Answer Part 1
B cheated
Policy forbids copying homework assignment
Bill did it
System entered unauthorized state (Bill having a copy of Anne's assignment)
Answer Part 2
A did not protect the homework file
Not required by security policy
A did not violate the security policy
If the policy required students to protect their homework files, then A would have violated the security policy
Slide #4-11
Mechanisms
A method or procedure that enforces the policy:
Access controls (like bits to prevent someone from reading a homework file)
Disallowing people from bringing CDs and floppy disks into a computer facility to control what is placed on systems
Slide #4-12
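The homework scenario and the access-control mechanism above, written as a small state model. This is an added example, not part of the original slides; the State class, the function names and the use of Unix-style permission bits (owner-read and other-read only) are assumptions made for illustration.

```python
# Added illustration (not from the slides): policy as a partition of states,
# mechanism as permission bits. Anne and Bill are the students in the scenario.
from dataclasses import dataclass

@dataclass(frozen=True)
class State:
    copies: frozenset  # (holder, owner): holder has a copy of owner's homework

def authorized(state):
    """Policy: a state is authorized only if nobody holds another's homework."""
    return all(holder == owner for holder, owner in state.copies)

def may_read(mode, is_owner):
    """Mechanism (assumed): Unix-style bits, owner-read 0o400, other-read 0o004."""
    return bool(mode & (0o400 if is_owner else 0o004))

def copy_homework(state, actor, owner, mode):
    """Transition: actor tries to copy owner's file; the mechanism may block it."""
    if not may_read(mode, actor == owner):
        return state  # blocked: the system stays in the same state
    return State(state.copies | {(actor, owner)})

def violator(before, after, actor):
    """Who breached policy: the actor whose step left the authorized states."""
    return actor if authorized(before) and not authorized(after) else None

def run(mode):
    """Bill tries to copy Anne's file; returns (end state authorized?, violator)."""
    start = State(frozenset({("Anne", "Anne")}))
    end = copy_homework(start, "Bill", "Anne", mode)
    return authorized(end), violator(start, end, "Bill")

if __name__ == "__main__":
    print(run(0o644))  # file left readable by others
    print(run(0o600))  # read bit cleared for others
```

Anne never appears as the violator in either run: leaving the file readable is not forbidden by this policy, which matches Answer Part 2.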
Policy example
Security policy for a university
Institution has multiple campuses, administered from central office
Each campus has its own administration, and unique aspects and needs
Slide #4-14
Electronic mail policy
Applies to the whole university
Has 3 parts
Summary
Full policy
Interpretation at the campus
Slide #4-15
Summary
Warns that email is not private
Can be read during normal system administration
Can be forged, altered, and forwarded
Summary
What to do and what not to do
Think before you send
Be courteous, respectful of others
Don't interfere with others' use of email
Slide #4-17
Uses of E-mail
Can be sent anonymously
Exception: if it violates laws or other policies
Security of E-mail
The university can read it
Won't go out of its way to do so
Allowed for legitimate business purposes
Allowed to keep e-mail robust, reliable
Implementation
Adds the specific requirements of the campuses
Example: incidental personal use not allowed if it benefits a non-university organization
Allows implementation to take into account differences between campuses
Slide #4-20
Key Points
Policies describe what is allowed
Mechanisms control how policies are enforced
Trust underlies all security issues
Slide #4-21