Monday, May 23, 2022

Computer Security models

A computer security model is a scheme for specifying and enforcing security policies. It defines the relationship between the security properties a system must guarantee and the way the operating system mediates access to resources. A security model may be based on a formal access-rights model, a computational model, or a distributed-computing model, or it may have no particular theoretical basis at all. Here are some common security models.



Bell-LaPadula Model:


The Bell-LaPadula (BLP) model was originally developed for the US Department of Defense (DoD). It is the first mathematical model of a multilevel security policy and formalizes the concepts of secure states and mandatory access control. It ensures that information flows only in directions that preserve confidentiality, without violating the system's policy.


The Bell-LaPadula model has several rules and properties, defined below.


Simple Security Property: "No read up". A subject at a given clearance level cannot read objects at a higher classification level. For example, a subject with Secret clearance cannot read a Top Secret object.


*-Property (Star Property): "No write down". A subject at a higher clearance level cannot write to objects at a lower classification level. For example, a subject logged into a Top Secret system cannot send email to a Secret system.


Strong Tranquility Property: security labels do not change while the system is operating.


Weak Tranquility Property: security labels may change, but never in a way that violates the defined security properties.



Biba Model:

The Biba model is similar to BLP, but it does not focus on confidentiality. Integrity is the main concern of the Biba model, and it is used where integrity matters more than confidentiality. The easiest way to think of it is as BLP turned upside down. Confidentiality is the primary concern of many governments, but most businesses want to ensure above all that the integrity of their data is maintained. Biba is the model of choice when guaranteeing integrity is what matters. The two main rules of the Biba model are the Simple Integrity Axiom and the * (star) Integrity Axiom.


Simple Integrity Axiom: "No read down". A subject at a given integrity level cannot read information at a lower integrity level. This keeps subjects from being contaminated by data of lower integrity, so corrupt or malicious low-integrity information cannot influence higher-integrity processing.


* Integrity Axiom: "No write up". A subject at a given integrity level cannot write information to a higher integrity level. This prevents a subject from modifying data that is more trustworthy than the subject itself, protecting integrity by stopping faulty or tainted material from moving up to higher integrity levels.
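The BLP and Biba rules above are mirror images on one ordered set of labels, so a single access-check routine covers both models and the two tranquility variants. The following is an added example written for this post, not code from the original; the label names, the subjects and objects, and the function names are all made up for illustration.

```python
# Added example (not from the original post): mandatory access decisions for
# the Bell-LaPadula and Biba rules, on one label lattice. The label names and
# the subjects/objects used with these functions are made up.

# Ordered labels, lowest first. Only the integer order matters: for BLP it is
# a confidentiality level, for Biba an integrity level.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


def level(label):
    if label not in LEVELS:
        raise ValueError(f"unknown label: {label}")
    return LEVELS[label]


# BLP: subject clearance compared with object classification.
def blp_can_read(subject, obj):
    """Simple security property: no read up."""
    return level(subject) >= level(obj)


def blp_can_write(subject, obj):
    """*-property: no write down."""
    return level(subject) <= level(obj)


# Biba: the same comparisons with the direction reversed.
def biba_can_read(subject, obj):
    """Simple integrity axiom: no read down."""
    return level(subject) <= level(obj)


def biba_can_write(subject, obj):
    """* integrity axiom: no write up."""
    return level(subject) >= level(obj)


CHECKS = {
    ("blp", "read"): blp_can_read,
    ("blp", "write"): blp_can_write,
    ("biba", "read"): biba_can_read,
    ("biba", "write"): biba_can_write,
}


def allowed(model, mode, subject, obj):
    """Decide one access under the named model ('blp' or 'biba')."""
    return CHECKS[(model, mode)](subject, obj)


def relabel_allowed(tranquility, model, new_label, open_accesses):
    """May an object be relabeled to new_label while accesses to it are open?

    Strong tranquility: never while the system is running.
    Weak tranquility: only if every currently open access (subject label,
    mode) would still satisfy the model's rules under the new label.
    """
    if tranquility == "strong":
        return False
    return all(allowed(model, mode, subj, new_label)
               for subj, mode in open_accesses)
```

Note that relabeling an object upward while a lower-cleared subject still has it open for reading is exactly the case weak tranquility must refuse: the open read would become a read up.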



Clark Wilson Model:


The Clark-Wilson model deals with two types of data objects: Constrained Data Items (CDIs) and Unconstrained Data Items (UDIs), i.e. data that is and is not subject to the integrity policy. It also defines two types of procedures: Integrity Verification Procedures (IVPs) and Transformation Procedures (TPs). The role of the IVP is to confirm that the CDIs are in a valid state; a TP is the only kind of procedure allowed to modify a CDI, and every TP must be certified to take CDIs from one valid state to another. Only certified TPs may operate on CDIs, and a user may only invoke the TPs, on the CDIs, for which an access triple (user, TP, CDI) has been granted. Properly implemented, this integrity model protects the integrity of information and guarantees well-formed transactions.
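The enforcement layer described above is easiest to see in code: certified TPs, access triples, an IVP run after every transaction, a UDI that is validated before it can touch a CDI, and an audit log. The block below is an added example written for this post, not code from the original; the ledger, the accounts, the "transfer" TP and the user names are invented for illustration.

```python
# Added example (not from the original post): a toy Clark-Wilson enforcement
# layer. The ledger, the "transfer" TP and the users are made up.

class IntegrityError(Exception):
    pass


class CDI:
    """Constrained Data Item: may only be changed through a certified TP."""

    def __init__(self, name, balance):
        self.name = name
        self.balance = balance


def parse_amount(udi):
    """Turn an Unconstrained Data Item (raw user input) into a trusted value.
    Clark-Wilson requires a TP to validate a UDI before it touches a CDI."""
    if not isinstance(udi, str) or not udi.isdigit() or int(udi) == 0:
        raise IntegrityError(f"rejected UDI: {udi!r}")
    return int(udi)


class ClarkWilson:
    def __init__(self, ivp):
        self.ivp = ivp          # Integrity Verification Procedure over all CDIs
        self.cdis = {}
        self.tps = {}           # certified TPs: name -> function
        self.triples = set()    # (user, tp_name, cdi_name) access triples
        self.log = []           # append-only audit trail

    def add_cdi(self, cdi):
        self.cdis[cdi.name] = cdi

    def certify_tp(self, name, fn):
        self.tps[name] = fn

    def authorize(self, user, tp_name, cdi_name):
        self.triples.add((user, tp_name, cdi_name))

    def run(self, user, tp_name, cdi_names, **params):
        """Execute a TP on behalf of a user, enforcing the model's rules."""
        if tp_name not in self.tps:
            raise IntegrityError(f"{tp_name} is not a certified TP")
        for c in cdi_names:
            if (user, tp_name, c) not in self.triples:
                raise IntegrityError(f"{user} may not run {tp_name} on {c}")
        cdis = [self.cdis[c] for c in cdi_names]
        snapshot = {c.name: c.balance for c in cdis}
        try:
            self.tps[tp_name](*cdis, **params)
            if not self.ivp(self.cdis.values()):
                raise IntegrityError("IVP rejected the state after the TP")
        except IntegrityError:
            for c in cdis:              # roll back so the CDIs stay valid
                c.balance = snapshot[c.name]
            self.log.append((user, tp_name, tuple(cdi_names), "rolled back"))
            raise
        self.log.append((user, tp_name, tuple(cdi_names), "ok"))
        return {c.name: c.balance for c in cdis}


def transfer(src, dst, amount):
    """A certified TP: moves a validated amount between two accounts."""
    value = parse_amount(amount)
    src.balance -= value
    dst.balance += value


def make_ledger(expected_total):
    # IVP: no negative balance, and the total over all accounts is unchanged.
    def ivp(cdis):
        balances = [c.balance for c in cdis]
        return all(b >= 0 for b in balances) and sum(balances) == expected_total

    cw = ClarkWilson(ivp)
    cw.add_cdi(CDI("acct_a", 100))
    cw.add_cdi(CDI("acct_b", 50))
    cw.certify_tp("transfer", transfer)
    cw.authorize("alice", "transfer", "acct_a")
    cw.authorize("alice", "transfer", "acct_b")
    return cw
```

Running the IVP after every TP, rather than only at start-up, is stricter than the model strictly requires, but it is cheap here and turns a faulty TP into a rolled-back transaction instead of a silently corrupted CDI.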



Brewer and Nash Model:


Also known as the Chinese Wall model, this model is used to avoid conflicts of interest: it prevents a person, e.g. a consultant, from accessing the data of more than one company in the same Conflict of Interest (COI) class. The access control policy changes dynamically with the user's behavior. Once a user has accessed information belonging to one company in a COI class, that user can no longer access the data of any competing company in the same class.
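Because the decision depends on what the user has already read, a Brewer-Nash monitor has to keep per-user history. The block below is an added example written for this post, not code from the original; the company names, COI classes and users are invented. It implements the read rule from the paragraph above and, going one step beyond it, the model's write rule in its usual history-based reading: a user may write to a company's data only if everything they have read belongs to that company or is sanitized public information.

```python
# Added example (not from the original post): Brewer-Nash (Chinese Wall)
# decisions driven by each user's access history. Company names, COI classes
# and users are made up.

from collections import defaultdict

# Conflict-of-interest classes: the companies inside one class compete.
COI_CLASSES = {
    "banking": {"BankA", "BankB"},
    "oil": {"OilCo", "PetroInc"},
}
CLASS_OF = {co: cls for cls, members in COI_CLASSES.items() for co in members}


class ChineseWall:
    def __init__(self, sanitized=()):
        # Datasets already published (sanitized) carry no conflict.
        self.sanitized = set(sanitized)
        self.history = defaultdict(set)   # user -> companies read so far

    def can_read(self, user, company):
        """Simple security rule: allowed unless the user has already read a
        different company in the same COI class."""
        if company in self.sanitized:
            return True
        for seen in self.history[user]:
            if seen in self.sanitized or seen == company:
                continue
            if CLASS_OF[seen] == CLASS_OF[company]:
                return False      # the wall: a competitor was read earlier
        return True

    def read(self, user, company):
        if not self.can_read(user, company):
            return False
        self.history[user].add(company)   # this read builds the wall
        return True

    def can_write(self, user, company):
        """*-property (history-based reading): a user may write to company X
        only if every unsanitized dataset the user has read belongs to X.
        Otherwise the user could copy a competitor's data into X's files."""
        if not self.can_read(user, company):
            return False
        return all(seen == company or seen in self.sanitized
                   for seen in self.history[user])
```

The write rule is the part people forget: a consultant who has read both a bank and an oil company is not in conflict under the read rule, but writing into either company's files would let information flow between the two, so the monitor refuses it.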



Harrison Ruzzo Ullman Model:


The Harrison-Ruzzo-Ullman (HRU) model can be seen as an extension of the BLP model. Bell-LaPadula has no mechanism for changing access rights or for creating and deleting subjects and objects. HRU addresses this by representing the protection state as an access matrix (subjects by objects, each cell holding a set of rights) and defining commands built from primitive operations: enter or delete a right, create or destroy a subject or object. Given a set of commands it asks the safety question, whether a right can ever leak into a cell where it was not originally present, which is how compliance with a stated policy is verified. In general that question is undecidable, although it is decidable for restricted systems such as those with no create operations or with only one operation per command. The HRU matrix can be implemented as access control lists (stored per object) or capability lists (stored per subject).
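The matrix, the primitive operations, two commands and a safety check are shown together below. This is an added example written for this post, not code from the original; the subjects, objects, rights and commands are made up. The safety search is only exact because the example's commands never create subjects or objects, which keeps the set of reachable matrices finite; with create commands the general problem is undecidable and a search like this can only explore a bounded prefix.

```python
# Added example (not from the original post): an HRU access matrix stored as a
# set of (subject, object, right) triples, two HRU-style commands, and a
# breadth-first safety check. Subjects, objects, rights and commands are
# made up.

from collections import deque
from itertools import product


# Primitive operations on an immutable matrix (frozenset of triples).
def has(state, s, o, r):
    return (s, o, r) in state


def enter(state, s, o, r):
    return state | {(s, o, r)}


def delete(state, s, o, r):
    return state - {(s, o, r)}


# An HRU command is a guard over rights followed by primitive operations.
def confer_read(state, owner, friend, f):
    """command confer_read(owner, friend, f):
         if 'own' in [owner, f] then enter 'read' into [friend, f]"""
    if has(state, owner, f, "own"):
        return enter(state, friend, f, "read")
    return state


def revoke_read(state, owner, friend, f):
    """if 'own' in [owner, f] then delete 'read' from [friend, f]"""
    if has(state, owner, f, "own"):
        return delete(state, friend, f, "read")
    return state


# (command, parameter kinds): "S" ranges over subjects, "O" over objects.
COMMANDS = [(confer_read, "SSO"), (revoke_read, "SSO")]


def is_safe(initial, subjects, objects, commands, s, o, r):
    """HRU safety check for a system without create commands.

    With fixed subjects and objects the reachable matrices form a finite set,
    so breadth-first search over every command instantiation decides whether
    right r can ever appear in cell [s, o].
    Returns (True, None) if it never can, else (False, command sequence).
    """
    pools = {"S": subjects, "O": objects}
    seen = {initial}
    queue = deque([(initial, [])])
    while queue:
        state, path = queue.popleft()
        if has(state, s, o, r):
            return False, path
        for fn, kinds in commands:
            for args in product(*(pools[k] for k in kinds)):
                nxt = fn(state, *args)
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, path + [(fn.__name__, args)]))
    return True, None


def demo():
    subjects = ["alice", "mallory"]
    objects = ["doc"]
    initial = frozenset({("alice", "doc", "own")})
    return {
        "read_leaks": is_safe(initial, subjects, objects, COMMANDS,
                              "mallory", "doc", "read"),
        "write_safe": is_safe(initial, subjects, objects, COMMANDS,
                              "mallory", "doc", "write"),
    }
```

The witness sequence returned for an unsafe query is the useful output in practice: it names the exact command instantiations an attacker (or a careless owner) would run to make the right appear.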

Tuesday, May 17, 2022

Firewall and packet filters

A firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's predetermined security policies. In its simplest form, a firewall is a barrier between a private internal network and the public Internet.

Packet filtering is a firewall technique that inspects outgoing and incoming packets and controls network access by allowing or dropping each packet based on its source and destination IP addresses, protocol, and ports.

Firewalls have been the first and most reliable line of defense in network security for over 30 years. They first appeared in the late 1980s and were initially simple packet filters: devices placed between networks that inspected the packets passed between computers and dropped those that did not match the filter's rules. Firewalls have become far more sophisticated through continued development, but packet-filtering firewalls of this kind are still found in legacy systems. In 1993 Gil Shwed of Check Point Software Technologies introduced the first stateful inspection firewall, named FireWall-1. In 2000 NetScreen released a dedicated firewall appliance; offering faster Internet speeds, lower latency and higher throughput at lower cost, it became popular and was quickly adopted by businesses.

How a Firewall Protects a Network?

A firewall analyzes network traffic against its predefined rules and then filters it, blocking traffic that comes from untrusted or suspicious sources and allowing only the inbound traffic it has been configured to accept. Typically the firewall intercepts traffic at a computer's entry points, the ports; a rule names the protocol and port of a service together with the addresses it applies to. The firewall performs this task by allowing or blocking individual data packets (the unit of communication sent over a digital network) according to its security rules. Inbound traffic is allowed only from trusted IP addresses or sources, and a packet that matches no rule should be denied by default.
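The rule evaluation described above, as an added example written for this post rather than code from the original: a first-match packet filter with a default-deny policy, plus a minimal connection table so that replies to flows the filter already allowed are let back in, which is the stateful inspection mentioned in the history section. The rule set, the address ranges and the packets are constructed for the example.

```python
# Added example (not from the original post): a first-match packet filter
# with default deny and a minimal connection table for established flows.
# The rules, addresses and packets are constructed for this example.

from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (from the Internet) or "out" (from the LAN)
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    direction: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dports: tuple = (0, 65535)  # inclusive destination port range

    def matches(self, p):
        return (self.direction in ("any", p.direction)
                and self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.dports[0] <= p.dport <= self.dports[1])


class PacketFilter:
    def __init__(self, rules):
        self.rules = rules
        self.conntrack = set()   # 5-tuples of flows this filter allowed

    def decide(self, p):
        """Return (action, reason) for one packet."""
        # 1. Stateful shortcut: is this the reply half of an allowed flow?
        reply_of = (p.proto, p.dst, p.dport, p.src, p.sport)
        if reply_of in self.conntrack:
            return "allow", "established"
        # 2. Stateless rules: the first match wins, so order matters.
        for i, rule in enumerate(self.rules):
            if rule.matches(p):
                if rule.action == "allow":
                    self.conntrack.add((p.proto, p.src, p.sport, p.dst, p.dport))
                return rule.action, f"rule {i}"
        # 3. Nothing matched: default deny.
        return "deny", "default"


LAN = "192.0.2.0/24"
RULES = [
    Rule("deny", "in", src="198.51.100.0/24"),               # blocklisted source
    Rule("allow", "in", "tcp", dst=LAN, dports=(443, 443)),  # public HTTPS
    Rule("allow", "out", src=LAN),                           # LAN may initiate
]
```

Two things to notice when writing such a rule set: the blocklist deny must come before the HTTPS allow, or a blocklisted host still reaches port 443; and without the connection table, the DNS reply to a LAN query would be dropped by the default deny, which is why a purely stateless filter needs a much looser inbound policy than a stateful one.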
