What are the types in OSI security architecture?

A SECURITY ARCHITECTURE FOR OPEN SYSTEMS


To assess an organisation's security requirements effectively, and to evaluate and choose among security products and policies, the manager responsible for security needs a systematic way of defining the requirements for security and of characterising the approaches to satisfying those requirements. This is difficult enough in a centralised data processing environment; with the use of local and wide area networks the problems are compounded.





ITU-T Recommendation X.800, Security Architecture for OSI, defines such a systematic approach. The OSI security architecture is useful to managers as a way of organising the task of providing security. Because this architecture was developed as an international standard, computer and communications vendors have developed security features for their products and services that relate to this structured definition of services and mechanisms.



Although X.800 focuses on security related to networks and communications, the concepts apply to computer security as well. The OSI security architecture focuses on security attacks, mechanisms and services. These can be briefly defined as follows:


Security Attack


Any action that compromises the security of information owned by an organisation.


Security Mechanism:


A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.


Security Service:


A processing or communication service that enhances the security of an organisation's data processing systems and information transfers. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.



The subsection on threats to communications lines and networks in Section 1.2 is based on the X.800 categorization of security threats. The next two sections examine security services and mechanisms using the X.800 architecture.



Security service:


X.800 defines a security service as a service provided by a protocol layer of communicating open systems which ensures adequate security of the systems or of data transfers. A clearer definition is found in RFC 2828, which provides the following: a processing or communication service that is provided by a system to give a specific kind of protection to system resources; security services implement security policies and are implemented by security mechanisms. X.800 divides these services into five categories and fourteen specific services. We consider each category in turn. Note that X.800 is primarily geared towards networked and distributed systems and therefore emphasises network security over the security of a single system.


AUTHENTICATION


The authentication service is concerned with assuring that a communication is authentic. In the case of a single message, such as a warning or alarm signal, the function of the authentication service is to assure the recipient that the message is from the source it claims to be from. In the case of an ongoing interaction, such as the connection of a terminal to a host, two aspects are involved. First, at the time of connection initiation, the service assures that the two entities are authentic, that is, that each is the entity it claims to be. Second, the service must assure that the connection is not interfered with in such a way that a third party can masquerade as one of the two legitimate parties for the purposes of unauthorised transmission or reception.


Two specific authentication services are defined in the standard:


Peer Entity Authentication: 


Provides for the corroboration of the identity of a peer entity in an association. Two entities are considered peers if they implement the same protocol in different systems (e.g. two TCP users on two communicating systems). Peer entity authentication is provided for use at the establishment of a connection or, at times, during the data transfer phase of a connection. It attempts to provide confidence that an entity is not performing either a masquerade or an unauthorised replay of a previous connection.


Data Origin Authentication:


Provides for the corroboration of the source of a data unit. It does not provide protection against the duplication or modification of data units. This type of service supports applications such as electronic mail, where there are no prior interactions between the communicating entities.
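The difference between the two authentication services above (peer entity authentication, which guards against replay of a previous connection, and data origin authentication, which corroborates the source of a single data unit but not against its duplication) is easiest to see in code. The following is an added example, not part of the original text or of X.800; it assumes a pre-shared HMAC key between the two parties (a constructed key is embedded inline) and uses a challenge-response exchange as the peer entity mechanism. The HMAC tag happens to detect modification as well, which X.800 treats as a separate integrity service; the point shown here is that only the nonce-based exchange rejects a duplicate.

```python
import hashlib
import hmac
import os

# Constructed example key; assumed to be pre-shared between the two peers.
SHARED_KEY = b"constructed-shared-secret-for-demo"


def tag(data: bytes) -> bytes:
    """HMAC-SHA256 over data under the shared key."""
    return hmac.new(SHARED_KEY, data, hashlib.sha256).digest()


# --- Data origin authentication (single data unit, e.g. a mail message) ---

def sign_message(msg: bytes) -> tuple[bytes, bytes]:
    """Sender attaches a tag so the recipient can corroborate the source."""
    return msg, tag(msg)


def verify_origin(msg: bytes, received_tag: bytes) -> bool:
    """Recipient checks the tag. Nothing here remembers earlier messages,
    so an exact duplicate of a genuine message verifies again."""
    return hmac.compare_digest(tag(msg), received_tag)


# --- Peer entity authentication (connection set-up, challenge-response) ---

class Verifier:
    """Side that challenges the peer at connection establishment."""

    def __init__(self) -> None:
        self.outstanding: set[bytes] = set()   # nonces issued, not yet used

    def challenge(self) -> bytes:
        nonce = os.urandom(16)                 # fresh per connection attempt
        self.outstanding.add(nonce)
        return nonce

    def check_response(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.outstanding:
            return False                       # never issued, or already used
        self.outstanding.discard(nonce)        # each challenge is single-use
        return hmac.compare_digest(tag(b"peer-auth|" + nonce), response)


def respond(nonce: bytes) -> bytes:
    """Claimant proves knowledge of the key over the verifier's fresh nonce."""
    return tag(b"peer-auth|" + nonce)


# --- Demonstrations returning (first attempt accepted, replay accepted) ---

def demo_origin_replay() -> tuple[bool, bool]:
    msg, t = sign_message(b"transfer 100 to account 42")   # constructed message
    first = verify_origin(msg, t)
    replayed = verify_origin(msg, t)   # attacker re-sends the identical unit
    return first, replayed             # -> (True, True): duplicate not detected


def demo_peer_replay() -> tuple[bool, bool]:
    verifier = Verifier()
    nonce = verifier.challenge()
    response = respond(nonce)
    first = verifier.check_response(nonce, response)
    replayed = verifier.check_response(nonce, response)   # same pair again
    return first, replayed             # -> (True, False): replay rejected


if __name__ == "__main__":
    print("data origin auth (first, replay):", demo_origin_replay())
    print("peer entity auth (first, replay):", demo_peer_replay())
```

Running the block prints `(True, True)` for the data origin case and `(True, False)` for the peer entity case: the per-message tag alone says nothing about whether this data unit has been seen before, whereas the single-use nonce ties the proof to one connection attempt.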




