4. BASTION HOST:
A bastion host is a gateway between an inside network and an ouside network.
It is designed to protect against attacks aimed at the inside network.
It is a system identified by the firewall administrator as a critical strong point
in the network security.
A bastion host is a specialized computer that is deliberately
exposed on a public network.
It sits between two networks (i.e)one is trusted and another one is untrusted.
Regulates traffic between those networks.
5.
6. ACCESS CONTROL:
Access Control are the rules written out that determine whether
network access should be granted or rejected to specific IP addresses.
Access control identify the system user.
The basic elements of access control are:
Subject: An entity (typically a process) capable of accessing objects.
Object: Anything to which access is controlled.
7. Bell-La Padula (BLP) is a MAC policy for protecting secrets.
Bell-La padula Rules:
Simple Security Property: S can read O if l(S)≥l(O).
Star Property: S can write O if l(O)≥l(S).
8. Another widely applicable requirement is to protect data or resources on
the basis of levels of security is the trusted computer systems.
This is commonly found in millitary where information are classified as
unclassified (U)
confidential (C)
secret (S)
top secret (TS)
This is also known as multilevel security.
9. Common Criteria is a framework in which computer system users
can specify their security functional and assurance requirement.
The CC defines a common set of potential security
requirements for use in evaluation.
The term target of evaluation (TOE) refers to that part of the
product or system that is subject to evaluation.
Common Criteria specifies standards for
Evaluation Criteria.
Methodology for Application of Criteria.
Administrative Procedures for Evaluation.
Certification and Accreditation Schemes.
10. COMMON CRITERIA REQUIREMENTS:
There are two requirements in Common Criteria:
Functional Requirements:
security audit
crypto support
communications
user data protection
identification & authentication
security management
privacy
Protection
trusted path
Assurance Requirements:
configuration management
delivery & operation
Development
guidance document
life cycle support
11.
12. PROTECTION PROFILES (PPs):
It define an implementation-independent reusable set of security
requirements and objectives for a category of products or systems.
That meet similar consumer needs for IT security, reflecting user security
requirements.
SECURITY TARGETS (STs):
It contain the IT security objectives and requirements of a specific
identified TOE.
Defines the functional and assurance measures offered by that TOE to meet
stated requirements, and forms the basis for an evaluation.