Design for Security Pepper.


1 Design for Security Pepper

2 Types of Security Threats
- Confidentiality of the system and data
- Integrity of system and data
- Availability of system and data

3 Common Workplace Holes
- Easy to guess passwords
- Not installing protection software

4 Ways to Protect
- Vulnerability avoidance
  - Don't connect to internet
  - Password changes (but not so often that people write them down)
  - Encryption
- Attack detection and neutralization
  - Monitor operation
  - Alert on unusual patterns of activity
  - Shut down a part of the system or deny access to certain users
- Exposure limitation and recovery
  - Automated backup or mirror
  - Insurance policies

5 Firesmith: 10 types of security requirements
- Identification - Whether a system should identify its users (for inquiry and/or change)
- Authentication - how to identify users
- Authorization - who can do what
- Immunity - how to protect against malware
- Integrity - How data corruption can be avoided
- Intrusion detection - what mechanisms should be used to detect attacks
- Non-repudiation requirements - ensure every party in the transaction must admit its involvement
- Privacy - keep data private if it should not be shared
- Security auditing - how to audit and check that the system is secure
- System maintenance - prevent unauthorized changes to production systems

6 Assessment
Can decide what to invest based upon:
- likelihood of problem occurring
- level of problem a security break would cause
There are mathematical models to help you assess and compare the likelihood and level of problems.

7 Secure System Design Guidelines
- Base security decisions on explicit security policy - write it if it does not exist
- Avoid a single point of failure
- Fail securely
- Balance security and usability
- Log user actions
- Use redundancy and diversity to reduce risk
- Validate all inputs (buffer overflow, SQL injection …)
- Compartmentalize your assets
- Design for deployment
- Design for recoverability
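
Added example (not part of the original slides): a small Python authorization check that applies several of the guidelines above together: an explicit policy table, input validation with a parameterized query, logging of each decision, and failing securely (deny by default). The table layout, POLICY contents, username pattern and function names are assumptions made for illustration.

```python
import logging
import re
import sqlite3

log = logging.getLogger("audit")

# Explicit security policy (assumed for this example): role -> permitted actions.
POLICY = {"admin": {"read", "write"}, "reader": {"read"}}

# Input validation by allowlist (assumed naming rule): anything else is rejected.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")


def make_db():
    """Constructed sample data: an in-memory table mapping users to roles."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE roles (username TEXT PRIMARY KEY, role TEXT)")
    db.executemany("INSERT INTO roles VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "reader")])
    return db


def is_allowed(db, username, action):
    """Return True only when the policy positively grants the action."""
    try:
        if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
            raise ValueError("username rejected by input validation")
        # Parameterized query: the input is bound as data, never spliced into SQL.
        row = db.execute("SELECT role FROM roles WHERE username = ?",
                         (username,)).fetchone()
        allowed = row is not None and action in POLICY.get(row[0], ())
    except (ValueError, sqlite3.Error) as exc:
        # Fail securely: a validation or database error results in a denial.
        # %r escapes control characters, so hostile input cannot forge log lines.
        log.warning("decision=deny user=%r action=%r reason=%s",
                    username, action, exc)
        return False
    # Log user actions: every decision is recorded, grants as well as denials.
    log.info("decision=%s user=%r action=%r",
             "allow" if allowed else "deny", username, action)
    return allowed


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    db = make_db()
    for user, act in [("alice", "write"), ("bob", "write"),
                      ("bob' OR '1'='1", "read")]:
        print(user, act, is_allowed(db, user, act))
```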

8 Summary
- Types of Security Threats - confidentiality, integrity, availability
- Protection - avoid vulnerability; detect and neutralize attacks, ensure recovery
- 10 security requirements to consider
- Weigh risk and level of issue a break would cause

