Global access to anyone, anywhere, anytime
Access methods/modes: different security needs
Evolution of computing:
batch: one job. physical access to card reader, printer
timesharing: mainframe terminals or dial-up
departmental: minicomputer. adds system-to-system access through point-to-point connection
distributed: PCs on LAN share info
global: Internet access
Physical access should be most restricted because it allows compromise of the machine itself. Controls: locks, logging, clean desk. Threat: dumpster diving (searching trash).
Direct access: directly connected links; terminals, console
Network access: LAN owned & operated by organization. Protocols with no security, e.g. cleartext. Broadcast protocols.
Remote access: over public or external communication links beyond your control. Security perimeter: points at which info travels in or out of your control.
Social access: talk
Access points as security checkpoints: access should be limited where there is a change in level of security required, a change in security admin, or a change in level of threat.
Security domain: common control, similar threats & level of security. Independently managed from other security domains. Uniform security policies. Interact with other security domains at access points.
Domain of trust: part of a security domain that uses one authentication.
VPN virtual private network: secure connection between domains of trust. Cryptographic tunnel over public network. Can connect perimeter devices (e.g. firewalls) of one domain to another or connect end-nodes (client to server). Authenticated users create a connection from wherever they are to the secure VPN server.
Access server: controls access across an access point.
network security: limit flow of info over a part of the network, or limits connectivity to specific hosts.
switch: send packet only to destination
filter: isolates sections
router: packet sent based on source & destination & type of packet
firewall: restrict traffic to authorized communication from authenticated users
proxies: isolate connections by becoming both the endpoint for the inside and outside connection
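Added example (not part of the original notes): a minimal stateless packet filter of the kind a router or firewall applies at an access point. Rules are matched in order on source, destination, protocol and port, and anything no rule permits is dropped (default deny). The ruleset, addresses and packets are constructed for illustration and do not describe any real network.

```python
"""Added example: ordered rule matching with default deny, as a router or
firewall does at an access point between two security domains."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str                      # source IPv4 address
    dst: str                      # destination IPv4 address
    proto: str                    # "tcp", "udp" or "icmp"
    dport: Optional[int] = None   # destination port; None for icmp


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src: str                      # CIDR; "0.0.0.0/0" matches any source
    dst: str                      # CIDR; "0.0.0.0/0" matches any destination
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any port

    def matches(self, pkt: Packet) -> bool:
        """True when every field of the rule matches the packet."""
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


# Constructed ruleset for an access point between an internal LAN
# (10.0.0.0/8, hypothetical) and the outside. Only HTTPS to one server is
# allowed in; internal hosts may reach outside on HTTP/HTTPS; cleartext telnet
# inbound is denied by an explicit rule so that the hit can be logged.
RULES = [
    Rule("allow", "0.0.0.0/0", "10.1.1.10/32", "tcp", 443),
    Rule("deny", "0.0.0.0/0", "10.0.0.0/8", "tcp", 23),
    Rule("allow", "10.0.0.0/8", "0.0.0.0/0", "tcp", 443),
    Rule("allow", "10.0.0.0/8", "0.0.0.0/0", "tcp", 80),
]


def filter_packet(pkt: Packet, rules=RULES) -> Tuple[str, Optional[int]]:
    """Return (action, index of the first matching rule).

    When no rule matches the result is ("deny", None): the access point
    forwards nothing it was not explicitly told to forward.
    """
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None


if __name__ == "__main__":
    # Constructed sample traffic crossing the access point in both directions.
    samples = [
        Packet("203.0.113.5", "10.1.1.10", "tcp", 443),   # inbound HTTPS to web server
        Packet("203.0.113.5", "10.1.1.10", "tcp", 22),    # inbound SSH: no rule, dropped
        Packet("203.0.113.5", "10.2.3.4", "tcp", 23),     # inbound telnet: explicit deny
        Packet("10.2.3.4", "198.51.100.7", "tcp", 443),   # outbound HTTPS
        Packet("10.2.3.4", "198.51.100.7", "udp", 53),    # outbound DNS: no rule, dropped
    ]
    for p in samples:
        action, idx = filter_packet(p)
        where = f"rule {idx}" if idx is not None else "default policy"
        print(f"{p.src} -> {p.dst} {p.proto}/{p.dport}: {action} ({where})")
```

The explicit deny rule and the default deny produce the same action but are worth telling apart: an explicit rule can carry a log action for traffic you expect to see, while the default catches everything the policy never anticipated.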
host-based security: access controlled by host itself.
connection type: modems, console
trust relationships with other hosts
Traditional assumption that insiders are friendly and outsiders are not is no longer true.