Curiously capitalized words (Formal model)
dagmar.wants at nospam.com
Tue Feb 17 10:38:13 PST 2004

Okay, the words I've been capitalizing (seemingly at random for the
uninitiated) are essentially formal concepts you'll see written about
over and over again in various IT security books that describe a formal
approach. Read these once and they'll probably stick with you well
enough to work with them.

Assets and Resources (as in Assets and Resources) are anything you
have on the network. A host machine is one. A service running on that
machine is one. A network segment itself is one. Users (to a greater
or lesser degree depending) are as well. Assets and Resources must be
protected by the security model.

The big one, and the standby that you'll see almost everywhere forms
the mnemonic "CIA" which stands for the three things a security model
must enforce/protect. Confidentiality, Integrity, and Availability.

* Confidentiality - This means that your Assets should only be
  accessible by authorized parties (e.g., script kiddies, insiders, or
  "corporate counter-intelligence specialists" a.k.a spies).
  ...particularly relevant to data.
* Integrity - This means that your Assets (particularly with respect to
  data) should not be modifiable by unexpected events or unauthorized
  parties (e.g. disk-failures, solar flares, broken routers, corporate
* Availability - This means that your Assets should be accessible when
  they need to be accessible. DoS attacks are a very obvious threat to

The other boring mnemonic is "P&D" which is something you may see
Dorothy Denning talking about (in her very nice book) and stands for
Prevention & Detection. In practice, every part of your security model
will boil down to at least one of these two. Your security model must
either Prevent incidents outright (disabling stack executability as an
example of a Prevention technique) or it must Detect that an incident
has occurred (e.g. tripwire for unauthorized modification of system
data--compromise of Integrity, and administrative log review to spot
probe activity and/or logins from obviously unauthorized locations
and/or times). If both Prevention and Detection are a miss for a given
incident, _then_ your security model has failed. Probably the hardest
thing to do at times is decide which is more important, but a really
thorough model will have something for both Prevention *and* Detection
of threats against all Assets and Resources.

The email address above is phony because my penis is already large enough, kthx.
AIM: evilDagmar Jabber: evilDagmar at jabber.org
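
Added example, not part of the original post: a minimal tripwire-style Detection check for the Integrity case the post mentions, written in Python. The file names and contents are a constructed sample tree, and `snapshot`, `compare` and `demo` are names chosen for this illustration, not Tripwire's own interface.

```python
import hashlib, os, stat, tempfile

def snapshot(root):
    """Map each regular file under root to (sha256 hex digest, permission bits)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices and sockets
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            state[os.path.relpath(path, root)] = (h.hexdigest(), stat.S_IMODE(st.st_mode))
    return state

def compare(baseline, current):
    """Return (path, finding) pairs, sorted by path, for every drift from the baseline."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append((path, "added"))
        elif new is None:
            findings.append((path, "removed"))
        else:
            checks = (("content changed", 0), ("mode changed", 1))
            findings += [(path, what) for what, i in checks if old[i] != new[i]]
    return findings

def demo():
    """Constructed sample tree: baseline it, change it four ways, report the drift."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("passwd", b"root:x:0:0\n"), ("motd", b"hello\n"), ("tool", b"#!/bin/sh\n")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
            os.chmod(os.path.join(root, name), 0o644)
        baseline = snapshot(root)
        with open(os.path.join(root, "passwd"), "ab") as fh:
            fh.write(b"# edited\n")                    # content change
        os.chmod(os.path.join(root, "tool"), 0o755)    # permission change
        os.remove(os.path.join(root, "motd"))          # removal
        open(os.path.join(root, "new.sh"), "wb").close()  # addition
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The check only Detects if the baseline itself is kept where whoever modified the files cannot rewrite it, for example on read-only or offline media.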