Information Technology Reference
In-Depth Information
individual security mechanisms. LAN security services with their associated mech-
anisms include:
n
−
n
−
n
−
n
−
n
−
Traffic filtering
Firewalls
Protect against inadvertent and purposeful penetration by cyber-nasties
Anti-virus/anti-malware
Appropriate use of LAN resources
Content filtering
Secure LAN traffic
Encryption (at the application layer, not network)
Authorize access
Authentication
Identity
Privilege
Audit trails and forensic analysis
Logging/log management
Real-time awareness of LAN activity
Intrusion detection system
Real-time monitoring/alerting
n
n
n
−
n
−
−
Service aggregation involves segmenting the LAN with security boundaries,
establishing policy on what technical and business services may reside in each
boundary, establishing policy on interboundary communications, and implement-
ing a combination of the above security services and mechanisms to facilitate and
enforce the policies.
Evaluating IA
2
against LAN security highlights the need for a meta-view of the
IA infrastructure and the need to provide for logging, log management, forensic
analysis, real-time monitoring, and real-time alerts.
9.15 Cryptography
Plain text is text conveyed in its native language and a form that is understandable
to a literate reader with a degree of fluency in that language. Cryptography modifies
plain text such that the original message is now hidden and not readily understand-
able by the reader. The process of encrypting a plaintext message into cipher text
may use a simple mathematical formula or a simple letter substitution. These basic
cryptographic variations are easily broken and the hidden message easily decrypted.
Cryptography as used by national governments to transmit national secrets employs
quite complex mathematical formulae. PKI uses a very complex mathematical pro-
cess to generate public/private keys whose relationships are mathematically based.
Drivers behind the use of cryptography include business requirements surrounding
