Documente Academic
Documente Profesional
Documente Cultură
Security
P.S.Dhekne
BARC
Sharing of files
Adding Security:
passwords, cryptography, access control lists,
capabilities
Physical security (Key servers etc)
Cryptography
Encryption/decryption
Key management
Session key protocols
Public Key Infrastructures
Certification
Digital Signatures
External Access:
One point access: Internet, Dialups (callbacks), Broadband, DSL,
wireless …; violation only with cryptographic encryption
Minimum Standards for Hardware
Software Standards:
OS, Browsers, Compilers, Tools – prefer open source
Secure Configuration
email, mobile agents/systems, only required ports to be open,
restrictions on shell (corresponding to required security levels)
Viruses (continuous protection)
Denial of Service Protection
August 24, 2006 Presentation at SASTRA 19
Minimum Security (contd)
Trusted sites
Use of public network
Secure channels
Transparent to users
- Loss of data
- Loss of server up time
- Loss of user's productivity
- Loss of money
Average cost per virus encounter US $ 2454
How much protection is enough ?
No one knows!!
August 24, 2006 Presentation at SASTRA 31
Information Security
Management System (ISMS)
Organization Security
Personnel Security Security Policy
Physical & Environmental security
Internet
WWW
DMZ
PROXY Mail DNS
server Server Gateway server
192.168.x.x
IDS
Internal Centralized
Email Log server NAT Firewall
Server And SMS
10.x.x.x
PC PC
ISDN lines
PC PC PC PC PC PC