IT Vocab • IT = information technology • Server • Public – open access • Private – limited access • Client or host • Thin - diskless • Workstation – fully functioning computer system
IT Vocab • A computing system : a configuration of one or more computers along with the software and data.
IT Vocab • Subject – a person or process • Object – assets like data, applications, documentation, hardware.
Tenets of IT Security CS5493
A I C • Availability – assets are available in a timeframe where it matters. • Integrity – assets remain in their legitimate expected state. • Confidentiality - assets are accessed only by authorized subjects.
What are assets? • An asset is something of value: • Hardware • Software • Data • Employees • Equipment • Reputation • Infrastructure
AIC and Threat Categories • Denial or destruction threats • Alteration threats • Improper disclosure threats
The Domains of IT Infrastructure • User domain • Workstation domain • LAN domain • LAN-to-WAN domain • WAN domain • Remote Access domain • Server (System)/Application domain
Domain Breakdown • The IT infrastructure is broken into different domains so security policy can be organized effectively.
IT Domain Security Policy • A comprehensive security plan can be devised by considering each separate domain. • Identify the threats and vulnerabilities • Devise a strategy for eliminating the vulnerabilities.
Vulnerabilities Examples: • User – lack of awareness or concern for security policy. • Workstation domain – unauthorized access • LAN – spreading of malicious software • WAN – malicious attacks by anonymous sources • Remote access – Data leakage due to loss or theft of electronic devise • Server/App – Data loss due to software and hardware failures.
Domain Threat Targets • User – misuse of resources, social engineering • Workstation – OS, applications • LAN – hubs, cables, supporting software, etc. • WAN – routers, firewalls, supporting software, etc. • Remote Access – VPN • Server Application – e-mail, file services, database, etc.