Concepts of Information Security
Pages 49-73



From page 49...
... These three requirements may be emphasized differently in various applications. For a national defense system, the chief concern may be ensuring the confidentiality of classified information, whereas a funds transfer system may require strong integrity controls.
From page 50...
... Implicit in this process is management's choice of a level of residual risk that it will live with, a level that varies among organizations. Management controls are the mechanisms and techniques (administrative, procedural, and technical) that are instituted to implement a security policy.
From page 51...
... Although the Department of Defense (DOD) has articulated its requirements for controls to ensure confidentiality, there is no articulation for systems based on other requirements and management controls (discussed below).
From page 52...
... Ad hoc virus checkers, well known in the personal computer market, are also in demand. However, there is little demand for system managers to be able to obtain positive confirmation that the software running on their systems today is the same as what was running yesterday.
From page 53...
... A hospital must thus select a suitable confidentiality policy to uphold its fiduciary responsibility with respect to patient records. In the commercial world confidentiality is customarily guarded by security mechanisms that are less stringent than those of the national security community.
From page 54...
... In this case, although the policy is stated operationally (that is, in terms of specific management controls), the threat model is explicitly disclosed as well. Other integrity policies reflect concerns for preventing errors and omissions, and controlling the effects of program change.
From page 55...
... This policy means that the up time at each terminal, averaged over all the terminals, must be at least 99.98 percent. A security policy to ensure availability usually takes a different form, as in the following example: "No inputs to the system by any user who is not an authorized administrator shall cause the system to cease serving some other user." Note that this policy does not say anything about system failures, except to the extent that they can be caused by user actions.
From page 56...
... MANAGEMENT CONTROLS: CHOOSING THE MEANS TO SECURE INFORMATION AND OPERATIONS
The setting of security policy is a basic responsibility of management within an organization. Management has a duty to preserve and protect assets and to maintain the quality of service.
From page 57...
... To support the principle of individual accountability, the service called user authentication is required. Without reliable identification, there can be no accountability.
From page 58...
... Static audit services may check that software has not changed, that file access controls are properly set, that obsolete user accounts have been turned off, that incoming and outgoing communications lines are correctly enabled, that passwords are hard to guess, and so on. Aside from virus checkers, few static audit tools exist in the market.
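As an added illustration (not text or code from the report) of the static audit services listed above, and of the page 52 point about confirming that the software running today is the same as yesterday: a Python sketch that snapshots file digests and permission bits, then reports content drift, permission drift, and permissions looser than an assumed policy. The file names, the 0o644 policy and the tampering scenario in `demo()` are constructed for the example.

```python
import hashlib
import os
import stat
import tempfile

def hash_file(path):
    # SHA-256 of a file, read in chunks so large binaries are fine
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def take_baseline(paths):
    """Record (digest, permission bits) per file: the 'yesterday' snapshot."""
    return {p: (hash_file(p), stat.S_IMODE(os.stat(p).st_mode)) for p in paths}

def audit(baseline, max_mode=0o644):
    """Return {path: [findings]} for files that drifted from the baseline.
    max_mode is an assumed policy: bits outside it (e.g. group/world write)
    are reported even when they match the baseline."""
    findings = {}
    for path, (old_hash, old_mode) in baseline.items():
        if not os.path.exists(path):
            findings[path] = ["missing"]
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        issues = []
        if hash_file(path) != old_hash:
            issues.append("content changed")
        if mode != old_mode:
            issues.append("mode changed")
        if mode & ~max_mode:
            issues.append("mode broader than policy")
        if issues:
            findings[path] = issues
    return findings

def demo():
    """Constructed scenario: snapshot two files, then alter one and loosen one."""
    d = tempfile.mkdtemp()
    prog, conf = os.path.join(d, "prog"), os.path.join(d, "conf")
    for p in (prog, conf):
        with open(p, "w") as f:
            f.write("v1\n")
        os.chmod(p, 0o644)
    base = take_baseline([prog, conf])
    with open(prog, "w") as f:
        f.write("v2\n")  # simulated unauthorised change to a program
    os.chmod(conf, 0o666)  # simulated world-writable configuration file
    return {os.path.basename(k): v for k, v in audit(base).items()}
```

In practice the baseline would be stored somewhere the audited host cannot silently rewrite, since an intruder who can alter the program can usually alter a baseline kept beside it.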
From page 59...
... DEVELOPING POLICIES AND APPROPRIATE CONTROLS
Ideally a comprehensive spectrum of security measures would ensure that the confidentiality, integrity, and availability of computer-based systems were appropriately maintained. In practice it is not possible to make ironclad guarantees.
From page 60...
... The computer industry can be expected to respond to clearly articulated security needs provided that such needs apply to a broad enough base of customers. This has happened with the Orange Book vis-a-vis the defense community, but slowly, because vendors were not convinced the customer base was large enough to warrant accelerated investments in trust technology. However, for many of the management controls discussed above,
From page 61...
... For instance, customers appear to demand password-based authentication because it is available, not because analysis has shown that this relatively weak mechanism provides enough protection. This effect works in both directions: a service is not demanded if it is not available, but once it becomes available somewhere, it soon becomes wanted everywhere.
From page 62...
... , and used Trojan horses to capture passwords. The Internet worm of November 1988 exploited weak password mechanisms and design and implementation flaws in mail-handling and information-service programs to propagate itself from machine to machine (Rochlis and Eichin, 1989; Spafford, 1989a,b).
From page 63...
... It is common commercial practice to trust that common carriers transmit faithfully, but for funds transfer such trust is judged to be imprudent, and cryptographic methods are used to ensure that the carrier need not be trusted for the integrity of funds transfer (although it is still trusted to ensure availability).
From page 64...
... The Internet worm has received considerable attention by computing professionals, security experts, and the general public, thanks to the abundant publicity about the incident, the divided opinions within the computer community about the impact of the incident, and a general recognition that the Internet worm incident has illuminated the potential for damage from more dangerous attacks as society becomes more dependent on computer networks. The incident triggered the establishment of numerous computer emergency response teams (CERTs), starting with DARPA's CERT for the Internet; a reevaluation of ethics for computer professionals and users; and, at least temporarily, a general tightening of security in corporate and government networks.
From page 65...
... SECURING THE WHOLE SYSTEM
Because security is a weak-link phenomenon, a security program must be multidimensional. Regardless of security policy goals, one cannot completely ignore any of the three major requirements (confidentiality, integrity, and availability), which support one another.
From page 66...
... Protection of Information About Individuals
The need to protect personal information is addressed in several laws, notably including the Privacy Act of 1974 (P.L. 93-579), which was enacted during a period of international concern about privacy triggered by advancing computerization of personal data.[7] A number of authors who have written on the subject believe that privacy protections are stronger in other countries (Turn, 1990; Flaherty, 1990).
From page 67...
... Even where most organizations make a reasonable, conscientious effort to protect the privacy of personal information residing in their computing systems, compromisable system and data access controls often allow intruders to violate personal privacy. For example, a survey of 178 federal agencies by the General Accounting Office revealed 34 known breaches in computerized systems containing personal information in fiscal years 1988 and 1989; 30 of those incidents involved unauthorized access to the information by individuals otherwise authorized to use the systems (GAO, 1990e).
From page 68...
... How, for example, can management ensure that its computer facilities are being used only for legitimate business purposes if the computer system contains security features that limit access to the files of individuals? Typically, a system administrator has access to everything on a system.
From page 69...
... Within these categories an even distribution of companies was achieved, and interviewees were distributed geographically. Individuals were asked what basic security features should be built into vendor systems (essential features).
From page 70...
... User Verification or Authentication
All interviewees believed that preventing the reuse of expired passwords, having the system force password changes, having the password always prompted for, and having the ID and password verified at sign-on time were all essential security measures. Ninety-seven percent judged as essential the capabilities to implement a password of six or more alphanumeric characters and to have passwords stored encrypted on the system.
From page 71...
... Telecommunications and Networking
More than 95 percent of the interviewees believed that network security monitoring; bridge, router, and gateway filtering; and dial-in user authentication should be essential features. Also, 90 percent wanted a modem-locking device as a mandatory feature.
From page 72...
... NOTES
1. Some documentation can be found in the Defense Advanced Research Projects Agency Computer Emergency Response Team advisories, which are distributed to system managers, and in a variety of electronic newsletters and bulletin boards.
From page 73...
... 1100 et seq.), the Electronic Funds Transfer Act of 1978 (15 U.S.C.

