Information Systems Security Essentials Chapter 3

Summary

This document is Chapter 3 of Information Systems Security Essentials (ISS611S) from the Namibia University of Science and Technology. It covers security controls, including firewalls, intrusion detection and prevention systems, authentication, and access control. The document also includes a case study on defending the digital vault.

Full Transcript

Information Systems Security Essentials (ISS611S)
Chapter 3 – Security Controls

Contents

- Firewalls
- IDS & IPS
- Authentication and Access Control
- Access Control Principles
- End-point Security

Learning Outcomes

- Discuss the importance of security controls
- Explain how different security controls work
- Describe access control types and principles
- Understand endpoint security measures and their significance

Introduction

- Security controls are safeguards or countermeasures designed to protect information systems and data from threats, while ensuring security properties.
- Recap: Security control types: Physical, Technical and Administrative.
- This unit focuses more on Technical Controls.

Case Study

The Cyber Heist: Defending the Digital Vault

Discussion:

- What additional security controls could VaultSec Trust implement to further strengthen its defenses?
- Why are firewalls often insufficient in preventing cyber attacks?

Firewalls

A firewall is a device or software in a network that controls incoming and outgoing network traffic according to predetermined security rules. It is usually set up as a barrier between an internal trusted network and external untrusted networks, i.e., the Internet.

Key functions of a Firewall

- Packet Filtering
- Access Control
- Threat Detection

Firewall Technologies

- Packet filtering: This type of firewall filters traffic based on IP addresses, port numbers, and protocols.
- Stateful inspection: This type of firewall monitors the state of network connections and makes decisions based on the context of those connections.
- Next-generation firewalls (NGFWs): These firewalls offer more advanced security features, such as intrusion prevention and application control.

Intrusion Detection Systems (IDS)

- Inspects both inbound and outbound traffic for suspicious behavior.
- Alerts security personnel of a potential security breach.
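The difference between packet filtering and stateful inspection, described under Firewall Technologies above, shown as an added Python example that is not part of the original slides. The network range, rule set and sample packets are constructed, and connection tracking is simplified to a 5-tuple lookup without TCP flags or timeouts.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

INTERNAL = ip_network("10.0.0.0/24")  # constructed trusted network

# Packet-filter rules (constructed): direction, protocol, destination ports, action.
RULES = [
    ("out", "tcp", range(443, 444), "allow"),     # internal clients may reach HTTPS
    ("in", "tcp", range(1024, 65536), "allow"),   # required so replies reach clients
]

def direction(pkt):
    return "out" if ip_address(pkt.src) in INTERNAL else "in"

def packet_filter(pkt):
    """Stateless: each packet is judged alone on address, port and protocol."""
    for d, proto, ports, action in RULES:
        if d == direction(pkt) and proto == pkt.proto and pkt.dport in ports:
            return action
    return "deny"  # default deny when no rule matches

class StatefulFirewall:
    """Remembers connections opened from inside; inbound traffic must match one."""
    def __init__(self):
        self.connections = set()

    def decide(self, pkt):
        if direction(pkt) == "out":
            if packet_filter(pkt) != "allow":
                return "deny"
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return "allow"
        # Inbound: allow only the reverse of a tracked outbound connection.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        return "allow" if key in self.connections else "deny"

# Constructed sample traffic
request = Packet("10.0.0.5", 50000, "203.0.113.10", 443)
reply = Packet("203.0.113.10", 443, "10.0.0.5", 50000)
unsolicited = Packet("198.51.100.7", 443, "10.0.0.5", 50000)
```

The stateless filter has to admit any inbound packet to a high port so that replies get through, which also admits the unsolicited packet; the stateful firewall admits only the reply that matches the connection the client opened.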
Intrusion Prevention System (IPS)

Analyzes all traffic flows that enter the network and takes automated actions when necessary.

IPS modes can be:

- Signature based detection
- Anomaly based detection
- Policy based detection

IPS/IDS Placement

Authentication

Authentication confirms that you are who you say you are. It needs identification to do this.

Identification vs Authentication

Identification asserts a person's identity; authentication validates it.

- Identity = Public
- Authentication = Private

Authentication Mechanisms

- Something a user knows: passwords, security questions
- Something a user has: access cards, keys
- Something a user is: biometrics, voice and face recognition

More on Authentication

- Single Sign-On
- Multifactor Authentication

Access Control

Access control determines who is allowed to access certain data, apps, and resources—and in what circumstances, using access control policies.

Access control policies rely heavily on authentication and authorization:

- Authentication - the act of validating a given identity, to prove that a person is who he says he is.
- Authorisation - determines what that user is allowed to do within a system or resource.

Access Control Process

1. Authenticate
2. Authorise
3. Access
4. Manage
5. Audit

Access Control Models

1. Role-Based Access Control (RBAC) – Roles
2. Attribute-Based Access Control (ABAC) – User, resource and environment attributes
3. Discretionary Access Control (DAC) – Resource owner defines access
4. Mandatory Access Control (MAC) – Resources and information are classified, and access is granted based on user class and clearance level
5. Policy-Based Access Control (PBAC) – Access is based on defined policy rules

Access Control Case study

Read, analyse and answer questions based on the Access Control case study. The case study is uploaded on eLearning and on MS Teams.
End Point Security

Endpoint security is the practice of securing endpoints or entry points of end-user devices such as desktops, laptops, and mobile devices from being exploited by malicious actors.

Read the article below for more context on end-point security:
https://www.spiceworks.com/it-security/network-security/articles/what-is-endpoint-security/

13 Storch Street, Private Bag 13388, Windhoek, NAMIBIA
T: +264 61 207 2258 F: +264 61 207 9258 E: [email protected] W: www.nust.na

Summary

Homework

- Read and analyse the case study and answer the questions.
- What are some of the weaknesses in different authentication mechanisms?