Information security: Difference between revisions

From Citizendium
imported>Howard C. Berkowitz
(New page: '''Communications security''' are the set of protective measures applied to information that traverses a telecommunications network or computer network. There are a wide range of s...)
 
imported>Howard C. Berkowitz
No edit summary
Line 1: Line 1:
'''Communications security''' are the set of protective measures applied to information that traverses a [[telecommunications network]] or [[computer network]]. There are a wide range of such measures, and not all are needed in every situation.  
'''Communications security''' are the set of protective measures applied to information that traverses a [[telecommunications network]] or [[computer network]]. There are a wide range of such measures, and not all are needed in every situation. There is no longer any sharp distinction between communications and information security. In a simpler world, once a user could gain access to a computer, all resources on that computer became available. As information threats grew, user rights were restricted on individual computers; a casual user of a public library no longer could install a new operating system. Now that many applications, invisibly to the user, may be executed using multiple computers, the distinction becomes minimally useful.
 
Still, it is reasonable to talk about the needs of the entire system. Governments may invest billions in [[communications intelligence]] organizations dedicated to breaking the strongest military and diplomatic communications of other governments. Each individual and organization has to address the question of whether a miscreant, whether an individual or a government, is likely to try to access one's own information and communications, and how much effort and expense the miscreant will use.
 
If one is a celebrity, the risks are greater. <ref name=HIPAAClooney>{{citation
| title =  27 suspended for Clooney file peek
| journal = Cable News Network
| date =October 10, 2007
| url = }}</ref> In the cited example of hospital employees looking at an entertainer's records, however, the unauthorized access came from authorized access of the computer system, who had no justification to access those records. Restricting access, by health care workers, to a strict subset of records could limit the needed ability for legitimate access in an emergency. There are no simple answers.


Many years ago, Dennis Bransted, then with the U.S. [[National Institute of Standards and Technology]] coined the "5-S mnemonic that described attributes of a secure communication. We have additional threats today, but this is an excellent start about deciding if a given application needs all of these properties, or if some are not needed. For example, it may be important that a stock market transaction be protected against modification, but, since it will soon be announced, secrecy is not terribly important.
Many years ago, Dennis Bransted, then with the U.S. [[National Institute of Standards and Technology]] coined the "5-S mnemonic that described attributes of a secure communication. We have additional threats today, but this is an excellent start about deciding if a given application needs all of these properties, or if some are not needed. For example, it may be important that a stock market transaction be protected against modification, but, since it will soon be announced, secrecy is not terribly important.
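Review bot: the added citation leaves "| url = " empty, so the Cable News Network reference cannot be followed; fill in the URL or drop the parameter. In the paragraph that carries it, "the unauthorized access came from authorized access of the computer system, who had no justification" gives "who" nothing to refer to, and "authorized users" reads as the intended wording. The lead sentence still opens "Communications security are the set", which should be "is the set", and the opening quotation mark in "5-S mnemonic is never closed.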
Line 8: Line 16:
*'''Signed''': confirmed as coming from the sender
*'''Signed''': confirmed as coming from the sender
*'''Stamped''': the sender cannot deny sending and the receiver cannot deny receiving
*'''Stamped''': the sender cannot deny sending and the receiver cannot deny receiving
 
==The Security Process==
One eternal truth about security is that it does not exist unless every action affecting a secure event can be audited. A reliable (often replicated) tamper-proof log is essential.
One eternal truth about security is that it does not exist unless every action affecting a secure event can be audited. A reliable (often replicated) tamper-proof log is essential.
==Administration==
In controlled setting such as enterprises, both users and servers are known in advance. As a consequence, every interaction between a user, and a "protected object" can both be defined by rules and be subject to logging. Depending on the particular situation, an object could be as broad as a set of computers and as narrow as a single field of a record.


==The Security Process==
Such controls become impractical in situations such as consumer-to-business applications on the Internet, unless the application requires account creation, or perhaps credit card validation, before interactions occur.
===Administration===
====User creation and granting of privileges====
====User creation and granting of privileges====
====Object labeling====
====Object labeling====
==Interactions==
===Access===
===Access===
====User identification====
====User identification====
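Review bot: the heading levels in this hunk do not nest consistently: "Administration" appears both as "==Administration==" and as "===Administration===", and "==Interactions==" sits at level 2 directly above "===Access===" while "====User creation and granting of privileges====" stays at level 4. Pick one level for "Administration" and "Interactions" so that each subsection is exactly one step below its parent. In the new Administration text, "In controlled setting" needs an article, and the comma in "between a user, and a "protected object"" should be removed.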
Line 27: Line 37:
====Sender nonrepudiation====
====Sender nonrepudiation====
====Receiver nonrepudiation====
====Receiver nonrepudiation====
===Denial of service===
==Denial of service==
==References==

Revision as of 18:57, 8 August 2008

Communications security is the set of protective measures applied to information that traverses a telecommunications network or computer network. There is a wide range of such measures, and not all are needed in every situation. There is no longer any sharp distinction between communications and information security. In a simpler world, once a user could gain access to a computer, all resources on that computer became available. As information threats grew, user rights were restricted on individual computers; a casual user of a public library could no longer install a new operating system. Now that many applications, invisibly to the user, may be executed using multiple computers, the distinction becomes minimally useful.

Still, it is reasonable to talk about the needs of the entire system. Governments may invest billions in communications intelligence organizations dedicated to breaking the strongest military and diplomatic communications of other governments. Each individual and organization has to address the question of whether a miscreant, whether an individual or a government, is likely to try to access one's own information and communications, and how much effort and expense the miscreant will use.

If one is a celebrity, the risks are greater. [1] In the cited example of hospital employees looking at an entertainer's records, however, the unauthorized access came from authorized users of the computer system who had no justification to access those records. Restricting health care workers' access to a strict subset of records could limit the ability to make legitimate access in an emergency. There are no simple answers.

Many years ago, Dennis Bransted, then with the U.S. National Institute of Standards and Technology, coined the "5-S" mnemonic that described attributes of a secure communication. We have additional threats today, but this is an excellent starting point for deciding whether a given application needs all of these properties, or whether some are not needed. For example, it may be important that a stock market transaction be protected against modification, but, since it will soon be announced, secrecy is not terribly important.

  • Sealed: cannot be modified without detection
  • Sequenced: protected against loss, replaying, or reordering of messages
  • Secret: protected against unauthorized disclosure
  • Signed: confirmed as coming from the sender
  • Stamped: the sender cannot deny sending and the receiver cannot deny receiving
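The stock market case above, as an added example that is not part of the original article: frames are Sealed and Sequenced but deliberately not Secret, so the trade text travels in the clear. The key, frame layout and trade strings are constructed for illustration. Because both ends hold the same HMAC key, this does not provide Stamped, since the receiver could have produced any tag itself.

```python
import hashlib, hmac, struct

KEY = b"constructed-demo-key-not-for-use"  # constructed shared key (assumption)
TAG_LEN = 32                                # HMAC-SHA256 output size

def seal(seq, payload, key=KEY):
    """Frame = 8-byte sequence number || payload || 32-byte HMAC tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    """Accepts a frame only if it is sealed and is the next one in sequence."""
    def __init__(self, key=KEY):
        self.key = key
        self.expected = 0

    def accept(self, frame):
        if len(frame) < 8 + TAG_LEN:
            return ("rejected", "truncated")
        header, payload, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        good = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):      # Sealed: any change is detected
            return ("rejected", "modified")
        (seq,) = struct.unpack(">Q", header)        # trusted only after the tag check
        if seq < self.expected:                     # Sequenced: old frame sent again
            return ("rejected", "replayed")
        if seq > self.expected:                     # Sequenced: a frame is missing
            return ("rejected", "lost or reordered")
        self.expected += 1
        return ("accepted", payload.decode())

def demo():
    # Constructed traffic: three trades, one altered, one early, one replayed.
    rx = Receiver()
    f0 = seal(0, b"BUY 100 XYZ @ 10.00")
    f1 = seal(1, b"SELL 50 XYZ @ 10.25")
    f2 = seal(2, b"BUY 10 XYZ @ 10.30")
    tampered = f1.replace(b"SELL 50", b"SELL 90")
    return [
        rx.accept(f0),        # in order, intact
        rx.accept(tampered),  # payload changed in transit
        rx.accept(f2),        # arrives before frame 1
        rx.accept(f1),        # the genuine frame 1
        rx.accept(f0),        # old frame sent again
        rx.accept(f2),        # now in order
    ]
```

The sequence number is covered by the tag, so it cannot be rewritten to slip a replayed frame past the counter.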

The Security Process

One eternal truth about security is that it does not exist unless every action affecting a secure event can be audited. A reliable (often replicated) tamper-proof log is essential.

Administration

In a controlled setting such as an enterprise, both users and servers are known in advance. As a consequence, every interaction between a user and a "protected object" can both be defined by rules and be subject to logging. Depending on the particular situation, an object could be as broad as a set of computers or as narrow as a single field of a record.

Such controls become impractical in situations such as consumer-to-business applications on the Internet, unless the application requires account creation, or perhaps credit card validation, before interactions occur.
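An added example, not part of the original article, covering both the audit requirement under "The Security Process" and the rule-and-log model described here: each access to a protected object is decided by rule and appended to a hash-chained log whose latest digest is also held by a replica. User names, object names and the rule set are constructed; a hash chain makes edits detectable rather than impossible, so detection depends on the replica's copy of the digest being out of the editor's reach.

```python
import hashlib, json

GENESIS = "0" * 64
# Constructed rules: (user, protected object) pairs that are permitted.
RULES = {("nurse_a", "patient/17/chart"),
         ("dr_b", "patient/17/chart.diagnosis")}  # object as narrow as one field

def digest(prev, entry):
    """Hash of one record, bound to the hash of the record before it."""
    body = json.dumps(entry, sort_keys=True).encode()
    return hashlib.sha256(prev.encode() + body).hexdigest()

class AuditLog:
    def __init__(self):
        self.records = []  # list of (entry, hash)

    def head(self):
        return self.records[-1][1] if self.records else GENESIS

    def append(self, entry):
        self.records.append((entry, digest(self.head(), entry)))

def access(log, user, obj, action):
    """Decide by rule; log the attempt whether or not it is allowed."""
    allowed = (user, obj) in RULES
    log.append({"n": len(log.records), "user": user, "object": obj,
                "action": action, "allowed": allowed})
    return allowed

def verify(records, trusted_head):
    """Index of first bad record; len(records) if the end differs from the replica; else -1."""
    prev = GENESIS
    for i, (entry, h) in enumerate(records):
        if digest(prev, entry) != h:
            return i
        prev = h
    return -1 if prev == trusted_head else len(records)

def demo():
    log = AuditLog()
    access(log, "nurse_a", "patient/17/chart", "read")
    access(log, "clerk_c", "patient/17/chart", "read")  # denied, still logged
    access(log, "dr_b", "patient/17/chart.diagnosis", "write")
    replica_head = log.head()  # digest copied to a replica
    edited = [(dict(e), h) for e, h in log.records]
    edited[1][0]["user"] = "nurse_a"  # rewrite who made the denied attempt
    return (verify(log.records, replica_head), verify(edited, replica_head),
            verify(log.records[:2], replica_head))
```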

User creation and granting of privileges

Object labeling

Interactions

Access

User identification

User authentication

Server authentication

User credentialing

Information transfer

Atomic integrity

Sequential integrity

Content confidentiality

Nonrepudiation

Sender nonrepudiation

Receiver nonrepudiation

Denial of service

References

  1. "27 suspended for Clooney file peek", Cable News Network, October 10, 2007