Midterm Exam Review: Information Systems 365, With Your Host Nicholas Davis

Posted on 16-Jan-2015

The Basics

• Information Systems 365/765 midterm exam is this Thursday, October 23rd

• You may elect to take the exam on Tuesday, October 28th, by sending me an email prior to midnight on Wednesday, October 22nd

The Format

• The format of the exam will be 50 multiple choice questions

• Some are easy

• Some are hard

• You may hate me once you see the exam

• Multiple choices range A thru J in some cases, with lots of “all of the above” and “none of the above” choices appearing

• Have you done the readings?

• It might be a good idea…

Keep the Five Pillars Of Information Security in Mind Throughout the Course

• Protection

• Detection

• Reaction

• Documentation

• Prevention

Benefits of Technical Controls

• Strong and consistent, treat everyone equally

• Can be audited with real assurance of the truthfulness of the data

Drawbacks of Technical Controls

• Costly

• Complex and time consuming

• When they break, they either fail open or fail closed, neither of which may be desirable

Administrative Controls

• Using policies, procedures, safety signs, training or supervision, or a combination of these, to control risk.

Benefits of Administrative Controls

• Usually inexpensive

• Easy to implement

• Very flexible

Drawbacks of Administrative Controls

• Difficult to enforce

• Difficult to audit

• Impossible to verify

• Easy to evade by a dedicated individual

Data Classification Levels

• Top Secret

• Highly Confidential

• Proprietary

• Internal Use Only

• Public Documents

• Terminology varies by organization

Authentication Defined

“Electronic authentication provides a level of assurance as to whether someone or something is who or what it claims to be in a digital environment. Thus, electronic authentication plays a key role in the establishment of trust relationships for electronic commerce, electronic government and many other social interactions. It is also an essential component of any strategy to protect information systems and networks, financial data, personal information and other assets from unauthorised access or identity theft. Electronic authentication is therefore essential for establishing accountability online.”

Encryption

• Encryption is the coding or scrambling of information so that it can only be decoded and read by someone who has the correct decoding key.

Single Factor vs. Multifactor vs Dual Factor

• Single Factor – Using one method to authenticate.

• Dual Factor – Using two different types of authentication mechanisms to authenticate.

• Multifactor – Using multiple forms of the same factor (password + identifying an image).

• Some people claim multifactor is just a way around industry regulations. A good test is to ask: could I memorize both of these?

If You Choose to Use Passwords..

• Be as long as possible (never shorter than 6 characters).

• Include mixed-case letters, if possible.

• Include digits and punctuation marks, if possible.

• Not be based on any personal information.

• Not be based on any dictionary word, in any language.

• Expire on a regular basis and may not be reused

• May not contain any portion of your name, birthday, address or other publicly available information

One Time Password Devices Demystified

• Have an assigned serial number which relates to user-id. For example, ndavis = serial QB43

• Device generates a new password every 30 seconds

• Server on other end knows what to expect from serial QB43 at any point in time
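
An added example, not part of the original slides, of how a time-based device and its server stay in step: both derive the password from a shared secret and the current 30-second window. It uses the standard TOTP algorithm (RFC 6238), which commercial tokens may or may not use; the secret tied to serial QB43 is the RFC's published test key, and the lookup tables and `OtpServer` class are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each password stays valid, as on the slide
DIGITS = 6   # assumption: the device shows 6-digit codes


def totp(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the 30-second window containing unix_time."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


# Hypothetical server-side records: user-id -> device serial -> shared secret.
SERIAL_FOR_USER = {"ndavis": "QB43"}
SECRET_FOR_SERIAL = {"QB43": b"12345678901234567890"}  # RFC 6238 test key


class OtpServer:
    """Knows what to expect from each serial at any point in time."""

    def __init__(self, drift_windows: int = 1):
        self.drift_windows = drift_windows  # tolerate small clock drift
        self.last_used = {}                 # serial -> last accepted window

    def verify(self, user: str, code: str, now: int) -> bool:
        serial = SERIAL_FOR_USER.get(user)
        secret = SECRET_FOR_SERIAL.get(serial)
        if secret is None:
            return False
        if len(code) != DIGITS or not (code.isascii() and code.isdigit()):
            return False
        current = now // STEP
        for counter in range(current - self.drift_windows,
                             current + self.drift_windows + 1):
            # A window that was already accepted is never accepted again,
            # so a sniffed or shoulder-surfed code cannot be replayed.
            if counter < 0 or counter <= self.last_used.get(serial, -1):
                continue
            if hmac.compare_digest(totp(secret, counter * STEP), code):
                self.last_used[serial] = counter
                return True
        return False


if __name__ == "__main__":
    server = OtpServer()
    code = totp(SECRET_FOR_SERIAL["QB43"], 59)
    print(code, server.verify("ndavis", code, 59), server.verify("ndavis", code, 59))
```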

One Time Password Devices

• Time based

• Event based

• Sold by RSA, Vasco, Verisign, Aladdin, Entrust and others

• How can event based OTPs be defeated?

Entrust Identity Guard Can Be Beaten With a Photocopier!

One Time Passwords - Benefits

• Provides true Dual Factor authentication, making it very difficult to share

• Constantly changing password means it can’t be stolen, shoulder surfed or sniffed

• Coolness factor!

One Time Passwords - Drawbacks

• Cost!

• Rank very low on the washability index

• Uncomfortable

• Expiration

• Battery Life

• Can be forgotten at home

• Video 1

Biometrics

• Use a unique part of your body to authenticate you, such as your voice pattern, your retina, or your fingerprint

Biometrics Benefits

• Harder to steal than even a One Time Password since it is part of the user, not simply in their possession like an OTP device

• Absolute uniqueness of authentication factor

• Coolness factor

Biometrics Drawbacks

• Cost

• Complexity of Administration

• Highly invasive

• Not always reliable – false negatives

• Not foolproof

• The Gummi Bear thief!

Digital Certificates

• A digital passport, either contained on a secure device, or on a hard disk

• Secured with a password, making them truly a dual factor solution

• Can be used to authenticate machines as well as humans

Digital Certificate Benefits

• True Dual Factor Authentication

• Low variable cost to produce

• Can contain authorization data as well as authentication data

Digital Certificate Drawbacks

• High fixed cost to build initial infrastructure

• Can be copied and shared if not properly stored

• Expiration

• Often require access to an interface such as a card reader or USB port, not always available at kiosks

Knowledge Based Authentication

• Authenticates the user via verification of life events, usually financial in nature, such as:

• Looks great at first!

• However, most of this is public information and that which isn’t public can be easily stolen

• The credit reports on which this knowledge based authentication is based often contain factual errors

• Cost!

Steganography

• Steganography is the art and science of writing hidden messages in such a way that no one apart from the sender and intended recipient even realizes there is a hidden message

Encryption

• To encode information in such a way as to make it unreadable by anyone aside from its intended recipient

• Symmetric Encryption, where a single secret key is used for both encryption and decryption.

• Asymmetric Encryption, where a pair of keys is used -- one for Encryption and the other for Decryption.

Symmetric Encryption

• Simple substitution

C = 5

O = 1

W = 7

517 = COW

• Shifting

Add two letters to each character (letter + 2)

AMU = COW (A + 2 = C, M + 2 = O, etc)

Hmm, everything appears to = COW

Advantages and Disadvantages of Symmetric Encryption

• Easy to use

• Decryption key can be memorized

• Easy to determine patterns and guess decryption key (frequency of letters in the English language)

• Anyone with the key can decrypt the message even if it was not intended for them
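
An added example, not part of the original slides, of why the shifting scheme above is easy to guess: the shift that makes a message look most like English, judged by letter frequency, is the key. The frequency table is approximate and the sample message is constructed for this illustration.

```python
import math
import string

# Approximate frequency (percent) of each letter in English text.
ENGLISH_FREQ = {
    "a": 8.17, "b": 1.49, "c": 2.78, "d": 4.25, "e": 12.70, "f": 2.23,
    "g": 2.02, "h": 6.09, "i": 6.97, "j": 0.15, "k": 0.77, "l": 4.03,
    "m": 2.41, "n": 6.75, "o": 7.51, "p": 1.93, "q": 0.10, "r": 5.99,
    "s": 6.33, "t": 9.06, "u": 2.76, "v": 0.98, "w": 2.36, "x": 0.15,
    "y": 1.97, "z": 0.07,
}

# Constructed sample message (not from the slides).
SAMPLE_PLAINTEXT = (
    "the midterm exam covers authentication encryption social engineering "
    "digital forensics intrusion detection and physical security so please "
    "do the readings before thursday"
)


def shift(text: str, k: int) -> str:
    """Move every letter k places forward in the alphabet, wrapping at Z."""
    out = []
    for ch in text:
        if ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - 65 + k) % 26 + 65))
        elif ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - 97 + k) % 26 + 97))
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def english_score(text: str) -> float:
    """Log-likelihood of the letters under English letter frequencies."""
    return sum(math.log(ENGLISH_FREQ[c]) for c in text.lower()
               if c in ENGLISH_FREQ)


def recover_key(ciphertext: str):
    """Try all 26 shifts and keep the one that reads most like English."""
    best = max(range(26), key=lambda k: english_score(shift(ciphertext, k)))
    return best, shift(ciphertext, best)


if __name__ == "__main__":
    print(shift("AMU", 2))                      # the slide's example
    ciphertext = shift(SAMPLE_PLAINTEXT, -2)    # hidden so that "+ 2" reveals it
    print(recover_key(ciphertext))
```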

Asymmetric Encryption

• Uses one key to encrypt and a different key to decrypt

• Public key to encrypt

• Private key to decrypt

• Keys are related, but not the same

Advantages and Disadvantages of Asymmetric Encryption

• Much stronger, more complex keys than used in symmetric encryption

• Only the intended recipient can REALLY read the message since only they possess the private key

• Far more complex than symmetric encryption, requires larger infrastructure to manage

• If private key is lost, you are out of luck

Digital Certificates Do a Couple of Things

• Authentication

• Digital signing

• Encryption

Public and Private Keys

• The digital certificate has two parts, a PUBLIC key and a PRIVATE key

• The Public Key is distributed to everyone

• The Private Key is held very closely and NEVER shared

• Public Key is used for encryption and verification of a digital signature

• Private Key is used for digital signing and decryption

Public Key Cryptography

Getting Someone’s Public Key

• The Public Key must be shared to be useful

• It can be included as part of your email signature

• It can be looked up in an LDAP directory

• Can you think of the advantages and disadvantages of each method?

What is PKI?

• PKI is an acronym for Public Key Infrastructure

• It is the system which manages and controls the lifecycle of digital certificates

• The PKI has many features

What Is In a PKI?

• Credentialing of individuals

• Generating certificates

• Distributing certificates

• Keeping copies of certificates

• Reissuing certificates

• Revoking Certificates

Keeping Copies – Key Escrow

• Benefit – Available in case of emergency

• Drawback – Can be stolen

• Compromise is the best!

• Use Audit Trails, separation of duties and good accounting controls for key escrow

Certificate Renewal

• Just like your passport, digital certificates expire

• This is for the safety of the organization and those who do business with it

• Short lifetime – more assurance of validity but a pain to renew

• Long lifetime – less assurance of validity, but easier to manage

• Use a Certificate Revocation List if you are unsure of certificate validity

Trusted Root Authorities

• A certificate issuer recognized by all computers around the globe

• Root certificates are stored in the computer’s central certificate store

• Requires a stringent audit and a lot of money!

It Is All About Trust

Digital Signing of Email

• Proves that the email came from you

• Invalidates plausible denial

• Proves through a checksum that the contents of the email were not altered while in transit

• Provides a mechanism to distribute your public key

• Does NOT prove when you sent the email

Social Engineering Defined

• The use of psychological tricks in order to get useful information about a system

• Using psychological tricks to build inappropriate trust relationships with insiders

Kevin Mitnick

• World’s most famous Social Engineer

• “The weakest link in the security chain is the human element”

• Half of his exploits involved using social engineering

• See the master in action!

Social Engineering

• Social Engineering goes back to the first lie ever told and will continue into the future.

• Social Engineering is successful because people are generally helpful, especially to those who are:

• Nice

• Knowledgeable

• Insistent

Three Primary Methods of Social Engineering

• Flattery

• Authority Impersonation

• Threatening Behavior

How to Keep Social Engineering From Working

• Administrators need to:

• Establish Policies

• Train Employees

• Run Drills

• Office Workers:

• Need to be aware of Social Engineering tactics

• Follow policies

Road Apples

• Road Apples are also known as Baiting

• Uses physical media and relies on the curiosity or greed of the victim

• USB drives or CDs found in the parking lot, with label: 3M Executive Salaries

• Autorun on inserted media

Digital Forensics

• Defined: Pertains to legal evidence found in computers and digital storage mediums.

• Goal: To explain the current state of a “digital artifact.”

• A digital artifact is a computer system, storage media (such as a hard disk or CD-ROM), an electronic document (e.g. an email message or JPEG image) or even a sequence of packets moving over a computer network.

Digital Forensics

• Can be as simple as retrieving a single piece of data

• Can be as complex as piecing together a trail of many digital artifacts

Why Use Digital Forensics?

• In legal cases, computer forensic techniques are frequently used to analyze computer systems belonging to defendants (in criminal cases) or litigants (in civil cases).

Why Use Digital Forensics?

• To recover data in the event of a hardware or software failure.

• To analyze a computer system after a break-in, for example, to determine how the attacker gained access and what the attacker did.

Why Use Digital Forensics?

• To gather evidence against an employee that an organization wishes to terminate.

• To gain information about how computer systems work for the purpose of debugging, performance optimization, or reverse-engineering.

Chain of Custody

• “Chain of Custody” is a fancy way of saying “The ability to demonstrate who has had access to the digital information being used as evidence”

• Special measures should be taken when conducting a forensic investigation if it is desired for the results to be used in a court of law.

Chain of Custody

• One of the most important measures is to assure that the evidence has been accurately collected and that there is a clear chain of custody from the scene of the crime to the investigator, and ultimately to the court.

5 Steps in Performing Digital Forensics

• Preparation (of the investigator, not the data)

• Collection (the data)

• Examination

• Analysis

• Reporting

A Great Tool Which YOU Can Impress People With

• Knoppix

• An OS which runs directly from a CD

• Will not alter data on hard disk

• Great for grabbing copies of files from a hard disk!

• Can be loaded from a USB flash drive

Knoppix

• Can also scan RAM and Registry information to show recently accessed web-based email sites and the login/password combination used. Additionally, these tools can also yield login/password for recently accessed local email applications including MS Outlook.

Knoppix

What does an IDS Detect?

• Attacks against a specific service, such as File Transfer Protocol (FTP)

• Data driven attacks at the application layer. For example, SQL injection error could be used to crash an application.

What Does an IDS Detect?

• Host Based Attacks (privilege escalation)

• Malware, Viruses, Trojan Horses, Worms

IDS Components

• Sensors - Generate security events such as log files

• Console – Monitors events, alerts and controls sensors

• Engine – Analyzes the data using artificial intelligence to generate alerts from the events received

• 3 in 1 (sometimes all three are in one appliance)

Sensor, Looks Boring

Types of Intrusion Detection Systems

• Network Based Intrusion Detection System (NIDS)

• Protocol Based Intrusion Detection System (PIDS)

• Application Protocol Based Intrusion Detection System (APIDS)

• Host Based Intrusion Detection System (HIDS)

• Hybrid System

How Is A Firewall Different from an IDS?

• Firewalls look outwardly and protect from external attacks

• An IDS evaluates a suspected intrusion once it has taken place and signals an alarm.

• An IDS also watches for attacks that originate from within a system.

What is a Denial of Service Attack Anyway?

Unified Threat Management (UTM)

• Next generation devices

• Firewall

• Virus Scanning

• Content Filtering

• VPN

• Anti-Spam

• Intrusion Detection and Prevention

Regulations

• Knowing regulations is impressive to employers, I’m not sure why…

• GLB, SOX and HIPAA all require similar things

• Authentication

• Auditing

• Protection

• Data Integrity Proof

• 80% 20% rule!!!

Full Disclosure

• Disclose all the details of a security problem which are known. It is a philosophy of security management completely opposed to the idea of security through obscurity

Full Disclosure

• The theory behind full disclosure is that releasing vulnerability information immediately results in quicker fixes and better security.

• Fixes are produced faster because vendors and authors are forced to respond in order to save face.

• Security is improved because the window of exposure, the amount of time the vulnerability is open to attack, is reduced.

Responsible Disclosure

• Some believe that in the absence of any public exploits for the problem, full and public disclosure should be preceded by disclosure of the vulnerability to the vendors or authors of the system. This private advance disclosure allows the vendor time to produce a fix or workaround.

Limited Disclosure

• Another possible approach: full details go to a restricted community of developers and vendors, and only the existence of the problem is released to the public

• Nick doesn’t like Limited Disclosure

Buffer Overflow

• A condition where a process attempts to store data beyond the boundaries of a fixed-length buffer.

• The result is that the extra data overwrites adjacent memory locations.

Buffer Overflow

• The overwritten data may include other buffers, variables and program flow data, and may result in erratic program behavior, a memory access exception, program termination (a crash), incorrect results or, especially if deliberately caused by a malicious user, a possible breach of system security.

Basic example

• In the following example, a program has defined two data items which are adjacent in memory: an 8-byte-long string buffer, A, and a two-byte integer, B. Initially, A contains nothing but zero bytes, and B contains the number 3. Characters are one byte wide.

A: 0 0 0 0 0 0 0 0

B: 0 3

Buffer Overflow Example

• Now, the program attempts to store the character string "excessive" in the A buffer, followed by a zero byte to mark the end of the string. By not checking the length of the string, it overwrites the value of B:

A: 'e' 'x' 'c' 'e' 's' 's' 'i' 'v'

B: 'e' 0
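
The same layout modelled in Python, as an added example that is not part of the original slides: a 10-byte region stands in for the adjacent A and B, one store ignores A's length and one checks it. Reading B as a big-endian integer is an assumption (the slide does not give the byte order), and the function names are hypothetical.

```python
import struct

A_SIZE = 8      # A: 8-byte string buffer at offset 0
B_OFFSET = 8    # B: two-byte integer stored directly after A
B_FORMAT = ">H" # assumption: B is an unsigned big-endian 16-bit value


def new_memory() -> bytearray:
    """A is all zero bytes and B holds 3, as in the slide's starting state."""
    memory = bytearray(A_SIZE + 2)
    struct.pack_into(B_FORMAT, memory, B_OFFSET, 3)
    return memory


def read_b(memory: bytearray) -> int:
    return struct.unpack_from(B_FORMAT, memory, B_OFFSET)[0]


def unchecked_store(memory: bytearray, text: str) -> None:
    """Copy text plus its zero terminator into A without looking at A_SIZE.

    This is the behaviour the slide describes: bytes past the end of A
    land in whatever is stored next to it, here B.
    """
    data = text.encode("ascii") + b"\x00"
    for i, byte in enumerate(data):
        memory[i] = byte


def checked_store(memory: bytearray, text: str) -> None:
    """Refuse any string that does not fit in A together with its terminator."""
    data = text.encode("ascii") + b"\x00"
    if len(data) > A_SIZE:
        raise ValueError(
            f"{len(data)} bytes do not fit in the {A_SIZE}-byte buffer A")
    memory[0:len(data)] = data


if __name__ == "__main__":
    memory = new_memory()
    print("B before:", read_b(memory))
    unchecked_store(memory, "excessive")
    # The ninth character 'e' (0x65) and the terminator now occupy B.
    print("A after: ", bytes(memory[:A_SIZE]))
    print("B after: ", read_b(memory))

    memory = new_memory()
    try:
        checked_store(memory, "excessive")
    except ValueError as err:
        print("rejected:", err, "| B still", read_b(memory))
```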

SQL Injection

• User input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.
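
Both causes named above, each beside its fix, as an added example that is not part of the original slides. It runs against an in-memory SQLite database; the table, rows, function names and sample inputs are all constructed for this illustration.

```python
import sqlite3

# Constructed sample inputs.
NAME_WITH_QUOTE = "O'Brien"              # an ordinary name containing a quote
CRAFTED_NAME = "nobody' OR '1'='1"       # input that closes the string literal
CRAFTED_NUMBER = "90 OR 1=1"             # input sent where a number is expected


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE grades (student TEXT, score INTEGER)")
    db.executemany(
        "INSERT INTO grades VALUES (?, ?)",
        [("alice", 91), ("bob", 78), ("carol", 85), ("O'Brien", 88)],
    )
    return db


def lookup_vulnerable(db, student: str):
    """Cause 1: the quote character in the input is not escaped."""
    query = ("SELECT student, score FROM grades WHERE student = '"
             + student + "'")
    return db.execute(query).fetchall()


def lookup_parameterized(db, student: str):
    """Fix: the driver passes the value separately from the SQL text."""
    return db.execute(
        "SELECT student, score FROM grades WHERE student = ?", (student,)
    ).fetchall()


def above_vulnerable(db, min_score: str):
    """Cause 2: a value meant to be a number is never checked to be one."""
    return db.execute(
        "SELECT student FROM grades WHERE score > " + min_score
    ).fetchall()


def above_typed(db, min_score: str):
    """Fix: convert to int first (raises ValueError), then bind it."""
    return db.execute(
        "SELECT student FROM grades WHERE score > ?", (int(min_score),)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(len(lookup_vulnerable(db, CRAFTED_NAME)), "rows from vulnerable lookup")
    print(len(lookup_parameterized(db, CRAFTED_NAME)), "rows from parameterized lookup")
    print(lookup_parameterized(db, NAME_WITH_QUOTE))
    try:
        lookup_vulnerable(db, NAME_WITH_QUOTE)
    except sqlite3.OperationalError as err:
        print("honest input breaks the vulnerable query:", err)
    print(len(above_vulnerable(db, CRAFTED_NUMBER)), "rows from untyped filter")
    try:
        above_typed(db, CRAFTED_NUMBER)
    except ValueError as err:
        print("typed filter rejects it:", err)
```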

SQL Injection Humor

Email Injection

• A security vulnerability that can occur in Internet applications that are used to send e-mail messages. Like SQL injection attacks, this vulnerability is one of a general class of vulnerabilities that occur when one programming language is embedded within another.

Directory Traversal

• The goal of this attack is to order an application to access a computer file that is not intended to be accessible. This attack exploits a lack of security (the software is acting exactly as it is supposed to) as opposed to exploiting a bug in the code.

• Directory traversal is also known as the ../ (dot dot slash) attack, directory climbing, and backtracking.
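
An added example, not part of the original slides, of the missing check: the naive join does exactly what it is told, while the safe version resolves the requested path and refuses anything that ends up outside the served directory. The directory layout, file names and function names are constructed for this illustration.

```python
import tempfile
from pathlib import Path


def make_sandbox():
    """Build a throwaway tree: public/ is served, grades.txt sits beside it."""
    root = Path(tempfile.mkdtemp()).resolve()
    base = root / "public"
    (base / "notes").mkdir(parents=True)
    (base / "syllabus.txt").write_text("IS 365 syllabus")
    outside = root / "grades.txt"
    outside.write_text("not for download")
    return base, outside


def naive_path(base: Path, requested: str) -> Path:
    """No check: '../' segments and absolute paths are followed as given."""
    return base / requested


def safe_path(base: Path, requested: str) -> Path:
    """Resolve the request, then require the result to stay under base.

    resolve() collapses '..' segments and follows symbolic links, so the
    comparison is made on the file that would actually be opened.
    """
    base = base.resolve()
    target = (base / requested).resolve()
    if target != base and base not in target.parents:
        raise PermissionError(f"{requested!r} is outside the served directory")
    return target


if __name__ == "__main__":
    base, outside = make_sandbox()
    print("naive:", naive_path(base, "../grades.txt").read_text())
    print("safe: ", safe_path(base, "notes/../syllabus.txt").read_text())
    for request in ["../grades.txt", "notes/../../grades.txt", str(outside)]:
        try:
            safe_path(base, request)
        except PermissionError as err:
            print("blocked:", err)
```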

Cross-Site Scripting

• Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy.

Time-of-check-to-time-of-use

• TOCTTOU (pronounced "TOCK too") is a software bug caused by changes in a system between the checking of a condition (such as a security credential) and the use of the results of that check. It is a kind of race condition.

Confused Deputy

• A confused deputy is a computer program that is innocently fooled by some other party into misusing its authority. It is a specific type of privilege escalation. In information security, the confused deputy problem is often cited as an example of why capability-based security is important.

• Billing example

Blaming The Victim

• Prompting a user to make a security decision without giving the user enough information to answer it.

Physical Security

• Physical security describes measures that prevent or deter attackers from accessing a facility, resource, or information stored on physical media. It can be as simple as a locked door or as elaborate as multiple layers of armed guardposts.

3 Elements to Physical Security

• Obstacles, to frustrate trivial attackers and delay serious ones;

• Alarms, security lighting, security guard patrols or closed-circuit television cameras, to make it likely that attacks will be noticed; and

• Security response, to repel, catch or frustrate attackers when an attack is detected.

4 Layers to Physical Security

• Environmental design

• Mechanical and electronic access control

• Intrusion detection

• Video monitoring

What Are Physical Security Goals?

• The goal is to convince potential attackers that the likely costs of attack exceed the value of making the attack.

• If you are unable to convince them, then the second goal comes into play—to keep them from entering

Layer One - Physical

• The initial layer of security for a campus, building, office, or physical space uses Crime Prevention Through Environmental Design to deter threats. Some of the most common examples are also the most basic - barbed wire, warning signs and fencing, concrete bollards, metal barriers, vehicle height-restrictors, site lighting and trenches.

Layer Two - Mechanical

• Includes gates, doors, and locks.

• Key control of the locks becomes a problem with large user populations and any user turnover.

• Keys quickly become unmanageable, forcing the adoption of electronic access control.

• Electronic access control easily manages large user populations, controlling for user lifecycles, times, dates, and individual access points.

• For example, a user's access rights could allow access from 0700 to 1900 Monday through Friday and expire in 90 days.

Layer Three – Intrusion Detection

• Monitors for attacks. It is less a preventative measure and more of a response measure, although some would argue that it is a deterrent. Intrusion detection has a high incidence of false alarms. In many jurisdictions, law enforcement will not respond to alarms from intrusion detection systems.

Layer Four - Monitoring

• Typically video monitoring systems. Like intrusion detection, these are not much of a deterrent.

• Video monitoring systems are more useful for incident verification and historical analysis.

• For instance, if alarms are being generated and there is a camera in place, the camera could be viewed to verify the alarms.

• In instances when an attack has already occurred and a camera is in place at the point of attack, the recorded video can be reviewed.

• Monitoring is ALWAYS active
