The vital security components that are needed to protect information system infrastructure revolve around three security areas which are, · Confidentiality: data and information are protected from unauthorized access

Subject:Computer SciencePrice: Bought3

Share With

The vital security components that are needed to protect information system infrastructure revolve around three security areas which are,

· Confidentiality: data and information are protected from unauthorized access.

· Integrity: Data is intact, complete, and accurate.

· Availability: IT systems are available when needed.

· Authenticity: A security policy includes a hierarchical pattern. It means inferior workers is typically certain to not share the small quantity of data they unless approved.

· Non-Repudiation: It is the assurance that somebody cannot deny the validity of one thing. It may be a legal thought that’s widely used in data security and refers to a service that provides proof of the origin of information and the integrity of the information.

To protect confidentiality aspect access control mechanisms should be used to control who has access to information. these access control mechanisms can be biometrics authentication, security policies, and other access control systems. The other important thing is to protect the critical information from unauthorized modification. secondly, the availability aspect can be protected by firewalls and other protective network devices.

A hardware security module is a physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server.

 

Access control is a security technique that regulates who or what can view or use resources in a computing environment. Physical access control limits access to, buildings, rooms and physical IT assets.

Logical access control limits connections to computer networks, system files and data.

Access control mechanism perform identification, authentication and authorization of users and entities by using passwords, PINs , Biometrics etc.

 

Types of Access control Mechanism

· Mandatory Access Control: central agency controlled, access and rights are given to user for certain data, used in Military

· Discretionary Access Control: owners/admin authorize use of resources

· Role Based Access Control: grants access to groups based on business functions

· Rule Based Access Control: rules made to govern access to users

· Attribute Based Access Control: rights given on basis of attribute of users, system, and environment

 

IDS are such devices either Hardware or software, which inspects the network traffic, scan it against signatures/heuristics to identify any malicious activity, and generates alerts so that security team can analyze that. These systems can be categorized into Network-Based, Wireless Based, Network Behavior, and Host-Based intrusion prevention system. A prominent difference between intrusion detection systems and intrusion protection systems is that IDS only detects the attack/malicious content, while IPS detects and stops the traffic.

The simplest host-based intrusion detection system is a cap on Login attempts. The most common way to break into a host is to attempt to login and guess the password. Almost all hosts will automatically block an incoming login after 3 failed attempts.

Host-based IDS are primarily focused on filtering and analyzing the network traffic of certain hosts it is deployed incoming and outgoing packets from this host are analyzed and compared to a centralized detection engine to determine if the network behavior is in normal operating procedure.

Network-Based IDs analyzes the entire network traffic looking for malicious pattern that could potentially reveal network anomalies and provide adequate action based on the detection settings.