Principles of computer security and market developments - 1 February 2012 - Blog - | LINUX - SECURITY |
Saturday, 2016-12-03, 6:37 PM
Welcome Guest | RSS
Statistics

Total online: 1
Guests: 1
Users: 0
Site menu
Our Documentations
1* METASPLOIT
Blog Category
# Only for beginners [39]
This category contains some introductions and tutorials about UBUNTU and BACKTRACK for those who just start using LINUX.
# Computer Security [11]
In this category, you will find all courses about the Informatique Security
# LINUX [2]
EVERYTHING ABOUT LINUX - UBUNTU & BACKTRACK - (NEWS, VIDEOS, TUTORIALS, ... )
# BackTrack 5 Tutorials [6]
In this categorie, I will post all tutorials about BackTrack5 (Installation, Configuration, Update, Hacking...)
# TechnicDynamic Tutorials [12]
Technic Dynamic is a source of education focused in the following categories of technology: (Computer - Design - Gadgets - Networking - Security) Link : http://technicdynamic.com
# Vishnuvalentino Tutorials [2]
He is a computer security specialist, and also freelance website designer. Read more : http://vishnuvalentino.com/about/
# Hackers News [6]
All news about the hackers of the world ...
# Tools [18]
All Security Tools
MEMES PICTURES [0]
Entries archive
Shopping


Follow us
facebook
Main » 2012 » February » 1 » Principles of computer security and market developments
4:36 PM
Principles of computer security and market developments
Principles of computer security and market developments

Introduction

There are currently too often security architectures based solely on the prevention and perimeter defense. There are many other elements to compose a security architecture. Any security architecture (and more generally the same approach to security) must be based on a triptych as:

  • Prevention
  • Detection
  • Reaction

These three aspects are currently covered very differently by the market despite an undeniable necessity.


Prevention

Prevention is fundamental and is generally well understood by many. The principle: do everything you need to protect themselves. It is most often to adopt the following approach:

  1. Risk Analysis
  2. Defining a security policy
  3. Implementation of a solution focused on one or more firewalls.
  4. Audit of the solution
  5. Updates

The market today cover very well this approach: the consulting firms are very active in the risk analysis. Integrators propose and implement solutions with a vengeance. Companies specialize in security audits, others make the technological safe and can trigger updates (usually performed by the integrator).

Detection

The principle is to be able to detect when preventive measures are taken in default. Detection, although some technical tools available, is too rarely integrated infrastructure. It is true that integrators often provide these tools in the development of internet infrastructure, but their deployment is marginal in addition to these specific projects. In addition, at present a severe lack of jurisdiction is to be deplored.There are still too few people trained in this type of tool. Detection requires continuous monitoring of the status of system and mechanisms to protect the dissemination of alerts.


Reaction

While it is important to know that an attack is in progress or that an attack was successful it is even more important to provide the means to react to this fact. This is the most neglected even in the current major players in IT security. Yet it is not possible to forget the creed of all consultants in risk analysis: "zero risk does not exist" or "there is no absolute security." Should always anticipate and prepare for the worst. This involves the implementation of operating procedures specific to the reaction in case of attack, writing and testing a continuity plan to use in case of serious disaster. It is also important to have tools to share any information collected may be necessary in the event of legal action. A framework should also be provided at the level of responsibility and because of this insurance contracts should take into account the risk posed by pirates. The market covers this issue very badly right now. There are very few companies offering a real investigation of incidents. Moreover, even if some law firms specializing in Internet law, the coverage of IT risk and the definition of "evidence" in cases of computer crimes are still unclear.


Conclusion

The consideration of security issues is currently underway in France in the vast majority of businesses but for now the means used are not always sufficient. To support companies in their process of securing the market, high growth was first organized in the area of ​​prevention. However, many questions remain unanswered when it comes to detection and response. These two areas that affect the daily operations (or operation) security infrastructure are still full of promise but also of concern to the various players in IT security.

Category: # Computer Security | Views: 369 | Added by: Administrator | Rating: 0.0/0
Total comments: 0
Name *:
Email *:
Code *:
Visitors

Share This On:
Google Translator
Search
Login form
Our poll
Rate my site
Total of answers: 17
Clock & Calendar

«  February 2012  »
SuMoTuWeThFrSa
   1234
567891011
12131415161718
19202122232425
26272829