1 Data security
Information/data security
IT Security
Information security is concerned with the confidentiality, integrity and availability
of data regardless of the form the data may take: electronic, print, or other forms.
Computer security can focus on ensuring the availability and correct operation of a
computer system without concern for the information stored or processed by the
computer.
Confidentiality
merchant and from the Merchant to a transaction processing network. The system
1. Authentication and Authorization
Remove or disable accounts upon loss of eligibility: Accounts which are no longer
needed must be disabled in a timely fashion using an automated or documented
procedure.
Separate user and administrator accounts: Administrator accounts must not be
used for non-administrative purposes. System administrators must be provisioned
unique passwords that are not shared among multiple systems. Credentials which
are managed centrally, such as the NetID/password combination, are considered a
single account, regardless of how many systems they provide access to.
Throttle repeated unsuccessful login attempts: A maximum rate for unsuccessful
login attempts must be enforced. Account lockout is not required, but the rate of
unsuccessful logins must be limited.
Enable session timeout: Sessions must be locked or closed after some reasonable
period.
Enforce least privilege: Non-administrative accounts must be used whenever
possible. User accounts and server processes must be granted the least-possible
level of privilege that allows them to perform their function.
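The throttling requirement above (limit the rate of failed logins, but do not lock the account permanently) can be met with a sliding-window counter per account. The following is an added example written for these notes, not code from the original document; the limits of five failures per 300 seconds, the class and function names, and the in-memory store are assumptions chosen for illustration. The throttle is consulted before the password is verified, so a throttled attacker learns nothing about whether a guess was right, and a genuine successful login clears the history.

```python
import time
from collections import deque

# Policy parameters: assumptions for this example, the notes fix no numbers.
MAX_FAILURES = 5        # unsuccessful attempts tolerated ...
WINDOW_SECONDS = 300    # ... within this sliding window


class LoginThrottle:
    """Rate-limit unsuccessful logins per account without a permanent lockout.

    Failure timestamps are kept in a sliding window. Once MAX_FAILURES of them
    fall inside the window, further attempts are refused until the oldest
    failure ages out. A successful login clears the account's history.
    """

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window
        self.clock = clock            # injectable so tests can move time forward
        self._failures = {}           # account -> deque of failure timestamps

    def _prune(self, account, now):
        """Drop failures older than the window; return the remaining deque or None."""
        q = self._failures.get(account)
        if q is None:
            return None
        while q and now - q[0] >= self.window:
            q.popleft()
        if not q:
            del self._failures[account]
            return None
        return q

    def is_throttled(self, account):
        q = self._prune(account, self.clock())
        return q is not None and len(q) >= self.max_failures

    def retry_after(self, account):
        """Seconds until the oldest failure leaves the window (0 when not throttled)."""
        now = self.clock()
        q = self._prune(account, now)
        if q is None or len(q) < self.max_failures:
            return 0.0
        return self.window - (now - q[0])

    def attempt(self, account, password, verify):
        """Process one login; returns 'ok', 'bad-credentials' or 'throttled'.

        `verify(account, password)` is the caller's credential check (hypothetical).
        The throttle is checked first so a throttled caller never reaches it.
        """
        now = self.clock()
        if self.is_throttled(account):
            return "throttled"
        if verify(account, password):
            self._failures.pop(account, None)
            return "ok"
        self._failures.setdefault(account, deque()).append(now)
        return "bad-credentials"


if __name__ == "__main__":
    # Constructed credential store for the demo; real systems compare salted hashes.
    users = {"alice": "correct horse battery staple"}

    def verify(account, password):
        return users.get(account) == password

    throttle = LoginThrottle()
    for i in range(MAX_FAILURES + 1):
        print(i + 1, throttle.attempt("alice", "wrong", verify))
    print("right password while throttled:",
          throttle.attempt("alice", users["alice"], verify),
          "retry after %.0fs" % throttle.retry_after("alice"))
```

In production the failure store would live in a shared cache (so the limit survives restarts and applies across all login servers), and the same window would usually be applied per source address as well as per account, so a spray of one password across many accounts is also slowed.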
2. Firewall
Systems must be protected by a firewall that allows only those incoming
connections necessary to fulfill the business needs of that system. Client systems
which have no business need to provide network services must deny all incoming
connections. Systems that provide network services must limit access to those
services to the smallest reasonably manageable group of hosts that need to reach
them.
3. Password Protection
All accounts and resources must be protected by passwords which meet the
following requirements, which must be automatically enforced by the system:
Must be at least eight characters long.
upper case letters, lower case letters, numbers, and special characters, such
as ! @#$%^&*.
the same time. If one disk fails, the other continues to operate and provide
access for users. Server mirroring provides the same functionality, except
that an entire server is duplicated. This strategy allows users to continue
accessing data if one of the servers fails. See "Fault Tolerance and High
Availability" for additional information on these strategies.
Replication copies information to alternate servers on distributed networks to
make that information more readily available to people in other locations.
remote servers can be made available to local users if the server close to
backups. They may be entire data centers that can be brought online when
the primary data center goes offline in the event of a major disaster.
Encryption
Encryption involves applying a mathematical function, using a key value, to a
message so that the result can only be read by the sender and the intended
receiver. There are many techniques for this, and a number of terms are used
with encryption.
Plain text describes the original unaltered text as created by the sender.
Encryption algorithm is the calculation which is used to change the plain
text into the encrypted text.
Cipher text is the message text after the encryption has been performed.
Decryption is the process of converting the cipher text back to the
original plain text.
Symmetric encryption
It is the simplest technique for encryption. The same algorithm and key are used
for both encryption and decryption. The receiver therefore must be in possession
of both the algorithm and the key in order to decrypt the cipher text, so the key
has to be delivered to the receiver by some other secure means beforehand and
kept secret by both parties.
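The following is an added example, not part of the original notes, showing the symmetric property in working code: one key both encrypts and decrypts, a different key fails, and the receiver needs nothing but the algorithm and that key. It uses only the Python standard library, so the cipher is an illustrative construction (a keystream derived from the key and a random nonce with HMAC-SHA256, XORed with the message, plus an HMAC tag so tampering and wrong keys are detected rather than yielding garbage). All names, the 16-byte nonce and 32-byte tag sizes, and the construction itself are assumptions of this example; a real system would use a vetted authenticated cipher such as AES-GCM from a maintained library.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16   # random per-message value; never reuse one with the same key
TAG_LEN = 32     # HMAC-SHA256 output length


def _subkeys(key):
    """Derive separate encryption and authentication keys from the shared key."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key, nonce, length):
    """Counter-mode keystream: block i = HMAC(enc_key, nonce || i)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out.extend(hmac.new(enc_key, nonce + counter.to_bytes(4, "big"),
                            hashlib.sha256).digest())
        counter += 1
    return bytes(out[:length])


def encrypt(key, plaintext, nonce=None):
    """Return nonce || cipher text || tag. The same `key` is needed to decrypt."""
    enc_key, mac_key = _subkeys(key)
    if nonce is None:
        nonce = os.urandom(NONCE_LEN)
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be %d bytes" % NONCE_LEN)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key, message):
    """Reverse of encrypt(): verify the tag first, then strip the keystream."""
    enc_key, mac_key = _subkeys(key)
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce = message[:NONCE_LEN]
    ciphertext = message[NONCE_LEN:-TAG_LEN]
    tag = message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("authentication failed: wrong key or altered cipher text")
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


if __name__ == "__main__":
    shared_key = os.urandom(32)          # agreed by sender and receiver beforehand
    msg = encrypt(shared_key, b"attack at dawn")
    print("cipher text:", msg[NONCE_LEN:-TAG_LEN].hex())
    print("decrypted  :", decrypt(shared_key, msg))
    try:
        decrypt(os.urandom(32), msg)      # receiver with the wrong key
    except ValueError as e:
        print("wrong key  :", e)
```

Because the keystream depends only on the key and the nonce, encrypting two messages under the same key with the same nonce would leak the XOR of the two plain texts; that is why the nonce is drawn fresh per message and transmitted with the cipher text.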
number. Each person has a unique national insurance number, but they all have
the same format of characters, 2 letters followed by 6 digits followed by a single
letter. If the computer knows this rule then it knows what the format of a NI
number is and would reject ABC12345Z because it is in the wrong format; it
breaks the rule.
4. Length check. A NI number has 9 characters; if more or fewer than 9
characters are keyed in then the data cannot be accurate.
5. Existence check. A bar code is read at a supermarket check-out till. The code is
sent to the main computer which will search for that code on the stock file. If
the code is found in the stock file then it is known to exist and is accepted.
6. Check digit. When the code is read on the item at the supermarket, it consists
of numbers. One number is special; it is called the check digit. If the other
numbers have some arithmetic done to them using a simple algorithm, the
answer should be this special digit. When the code is read at the check-out till, if
the arithmetic does not give the check digit it must have been read wrongly; it is
at this point that the beeping sound would normally be heard if everything is
all right.
7. Presence check. A value must be present when filling in an online form; the
system does not allow the user to progress to the next data item unless some
input for the value is provided. (Be careful about distinguishing between
existence and presence checks; they are often confused by candidates in exam
questions.)
8. Uniqueness check: This check makes sure that a certain field is unique.
9. List check: only a limited number of values are allowed, e.g. the gender of a
person must be M or F, usually implemented by a drop-down list.
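The checks listed above, as an added example in working code (not from the original notes). The NI number format is the one the notes describe (two letters, six digits, one letter). The notes do not say which check-digit algorithm the supermarket bar code uses, so this example assumes the EAN-13 rule (digits weighted 1 and 3 alternately from the left, check digit makes the total a multiple of 10); the stock file, the form record and all function names are constructed for the example. It goes slightly beyond the notes by chaining the checks over one submitted record, which shows the natural order: presence, then length, then format, then uniqueness.

```python
import re

# Format check: exactly two letters, six digits, one letter.
NI_PATTERN = re.compile(r"^[A-Z]{2}[0-9]{6}[A-Z]$")

# Constructed stock file for the existence check: bar code -> description.
STOCK_FILE = {
    "5012345678900": "Tea, 80 bags",
    "4006381333931": "Pen, blue",
}


def format_check_ni(value):
    return bool(NI_PATTERN.match(value))


def length_check(value, expected_length):
    return len(value) == expected_length


def existence_check(code, stock=STOCK_FILE):
    """The value must already exist in a reference file."""
    return code in stock


def ean13_check_digit(digits12):
    """Assumed EAN-13 rule: weights 1,3,1,3,... from the left; digit completes a multiple of 10."""
    total = sum(int(d) * (1 if i % 2 == 0 else 3) for i, d in enumerate(digits12))
    return (10 - total % 10) % 10


def check_digit_check(code):
    """A misread bar code almost always fails this arithmetic."""
    if len(code) != 13 or not code.isdigit():
        return False
    return ean13_check_digit(code[:12]) == int(code[12])


def presence_check(value):
    """The field must contain something (distinct from existence_check)."""
    return value is not None and value.strip() != ""


def uniqueness_check(value, existing):
    return value not in existing


def list_check(value, allowed):
    return value in allowed


def validate_form(record, existing_ids, allowed_genders=("M", "F")):
    """Run the checks over one submitted record; returns the list of failures."""
    failures = []
    ni = record.get("ni", "")
    if not presence_check(ni):
        failures.append("ni: presence")
    elif not length_check(ni, 9):
        failures.append("ni: length")
    elif not format_check_ni(ni):
        failures.append("ni: format")
    elif not uniqueness_check(ni, existing_ids):
        failures.append("ni: uniqueness")
    if not list_check(record.get("gender"), allowed_genders):
        failures.append("gender: list")
    return failures


if __name__ == "__main__":
    print("ABC12345Z format ok?", format_check_ni("ABC12345Z"))      # False
    for code in ("5012345678900", "5012345678901"):
        print(code, "exists:", existence_check(code),
              "check digit ok:", check_digit_check(code))
    print(validate_form({"ni": "ABC12345Z", "gender": "X"}, set()))
```

Note that validation checks only catch data that is malformed, not data that is plausible but wrong: a correctly formatted NI number that belongs to someone else passes every check here, which is why validation is a data-quality control and not an authentication control.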
Parity check
A parity check involves checking that the number of 1 bits in a byte totals to an
even number (called even parity) or an odd number (called odd parity).
If two devices that are communicating decide to use odd parity, there must
always be an odd number of 1s in each byte; if there is not, an error must have
occurred. E.g. the byte 01011000 is sent; it has three 1 bits so it passes the
odd parity check. When it is transmitted the byte received is 11011000. This
has four 1 bits, which is an even number, so there must have been an error in
transmission. The receiving
CPU.
If two mistakes are made in the same byte they cancel each other out and the
faulty data are accepted. This problem can be overcome using parity blocks.
Parity block
A parity block is a group of bytes with an additional parity byte: each bit of the
parity byte is chosen so that the corresponding bit position across all the bytes
has the required parity. The data bytes and the parity byte together are called a
parity block. A single flipped bit then fails both its own byte's parity check and
one bit position of the parity byte, which locates it; two flipped bits in the same
byte pass that byte's check but still show up in two bit positions of the parity
byte, so the corruption is detected even though it cannot be located.
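The byte-level and block-level parity checks above, as an added example written for these notes (not code from the original). It assumes odd parity with the top bit of each byte used as that byte's parity bit, and a parity byte computed over the bit columns, as the notes describe; all function names are this example's own. The demonstration uses the notes' byte 01011000 and shows the three outcomes a receiver can reach: a single flipped bit is located and corrected, two flips in one byte pass the byte check but are caught by the parity byte, and a flip inside the parity byte itself leaves the data intact.

```python
def ones(byte):
    """Number of 1 bits in a byte."""
    return bin(byte & 0xFF).count("1")


def with_parity_bit(value7, odd=True):
    """Pack a 7-bit value into a byte whose top bit is its parity bit (row parity)."""
    assert 0 <= value7 < 128
    want = 1 if odd else 0
    pbit = 0 if ones(value7) % 2 == want else 1
    return (pbit << 7) | value7


def has_parity(byte, odd=True):
    """Row check: does the byte, parity bit included, hold an odd (or even) number of 1s?"""
    return ones(byte) % 2 == (1 if odd else 0)


def parity_byte(data, odd=True):
    """Column parity byte: bit j set so column j of data + parity byte has the wanted parity."""
    col = 0
    for b in data:
        col ^= b            # bit j of col is 1 iff column j currently holds an odd number of 1s
    return (~col & 0xFF) if odd else col


def build_block(values7, odd=True):
    """Sender side: data bytes each with their parity bit, followed by the parity byte."""
    data = [with_parity_bit(v, odd) for v in values7]
    return data + [parity_byte(data, odd)]


def check_block(block, odd=True):
    """Receiver side. Returns (verdict, data): 'ok', 'corrected' (one bit flipped back),
    'parity-byte-error' (data intact, parity byte was hit) or 'uncorrectable' (data None)."""
    *data, pbyte = block
    expected = 0xFF if odd else 0x00
    col = pbyte
    for b in data:
        col ^= b
    bad_cols = [j for j in range(8) if ((col >> j) & 1) != ((expected >> j) & 1)]
    bad_rows = [i for i, b in enumerate(data) if not has_parity(b, odd)]
    if not bad_rows and not bad_cols:
        return "ok", list(data)
    if len(bad_rows) == 1 and len(bad_cols) == 1:       # one bad row and one bad column locate the bit
        fixed = list(data)
        fixed[bad_rows[0]] ^= 1 << bad_cols[0]
        return "corrected", fixed
    if not bad_rows and len(bad_cols) == 1:             # only the parity byte was damaged
        return "parity-byte-error", list(data)
    return "uncorrectable", None                        # e.g. two flips in one byte


if __name__ == "__main__":
    # Constructed frame; 0x58 is the notes' byte 01011000 (three 1s, passes odd parity).
    block = build_block([0x58, 0x41, 0x7F, 0x00])
    print("sent   :", [format(b, "08b") for b in block], check_block(block)[0])

    single = list(block)
    single[0] ^= 0x80                 # becomes 11011000, the notes' corrupted byte
    print("1 flip :", check_block(single))

    double = list(block)
    double[0] ^= 0x03                 # two flips in one byte: its own parity still passes
    print("2 flips: byte check passes =", has_parity(double[0]), "->", check_block(double)[0])
```

Parity of either kind is a check against random line noise, not against an attacker: anyone who can alter the data can recompute the parity bits to match, so integrity against tampering needs a keyed check such as an HMAC instead.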
Echoing back
The simplest way of checking the transfer of the data is to send the data back
again. If the data sent back are the same as the data sent in the first place then
the original data must have reached the destination unaltered. If not, the data
must be sent again. This is known as echoing back. This method is very
effective, but suffers from having to send data twice. The transmission mode
needs to be either duplex or half duplex to allow data transfer in both directions.
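The exchange described above, simulated end to end as an added example (not from the original notes): a sender transmits a frame, the receiver echoes what it got, and the sender compares and retransmits on a mismatch. The link, its fault schedule, the retry limit and all names are constructed for this example. It also shows the two costs the notes imply: every frame crosses the link twice, and a fault on the return path alone forces a needless retransmission. The last case in the test goes one step beyond the notes and shows the method's blind spot, a corruption on the way out that is undone by a second fault on the way back.

```python
class NoisyChannel:
    """Bidirectional link whose faults are scripted (constructed for the example).

    `faults` is a list of (transfer_index, byte_offset, bitmask): on the n-th
    transfer over the link, the byte at that offset has the mask XORed in.
    Transfers in both directions share one counter, so index 0 is the first
    forward frame, index 1 its echo, index 2 the next forward frame, and so on.
    """

    def __init__(self, faults=()):
        self.faults = {(n, off): mask for n, off, mask in faults}
        self.transfers = 0

    def send(self, data):
        n = self.transfers
        self.transfers += 1
        out = bytearray(data)
        for (fn, off), mask in self.faults.items():
            if fn == n and off < len(out):
                out[off] ^= mask
        return bytes(out)


def receiver_echo(channel, frame):
    """Receiver side: keep the frame as received and send it straight back."""
    return channel.send(frame)


def send_with_echo(channel, data, max_tries=5):
    """Sender side. Returns (attempts_used, frame_held_by_receiver).

    The sender trusts the transfer only when the echo matches what it sent;
    otherwise it retransmits, up to max_tries times.
    """
    for attempt in range(1, max_tries + 1):
        arrived = channel.send(data)              # forward direction
        echoed = receiver_echo(channel, arrived)  # reverse direction
        if echoed == data:
            return attempt, arrived
    raise RuntimeError("echo never matched after %d attempts" % max_tries)


if __name__ == "__main__":
    payload = b"HELLO"
    print("clean link      :", send_with_echo(NoisyChannel(), payload))
    print("fault on the way:", send_with_echo(NoisyChannel([(0, 0, 0x80)]), payload))
    print("fault on echo   :", send_with_echo(NoisyChannel([(1, 0, 0x01)]), payload))
    # Blind spot: the outbound flip is flipped back on the return trip, so the
    # echo matches although the receiver holds a corrupted frame.
    print("cancelling pair :", send_with_echo(NoisyChannel([(0, 0, 0x80), (1, 0, 0x80)]), payload))
```

For that reason echoing back is normally combined with a per-frame check such as parity or a checksum, which the receiver can apply to what it actually holds.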