In addition to the CIA Triad, you need to consider a plethora of other security-related concepts and principles when designing a security policy and deploying a security solution. These include the DAD Triad, the risks of overprotection, authenticity, nonrepudiation, and AAA services.
Disclosure, Alteration, and Destruction (the DAD Triad)
One interesting security concept is the opposite of the CIA Triad: the DAD Triad. Disclosure, alteration, and destruction make up the DAD Triad. The DAD Triad represents the failure of each of the protections in the CIA Triad, and it is useful for recognizing what to look for when a security mechanism fails.
Disclosure occurs when sensitive or confidential material is accessed by unauthorized entities; it is a violation of confidentiality.
Alteration occurs when data is changed, either maliciously or accidentally; it is a violation of integrity.
Destruction occurs when a resource is damaged or made inaccessible to authorized users (the latter is usually called denial of service, DoS); it is a violation of availability.
Overprotection
Authenticity
AAA Services (Authentication, Authorization, Accounting/Auditing)
Identification: Identification is claiming an identity when attempting to access a secured area or system.
Authentication: Authentication is proving that you are the claimed identity.
Authorization: Authorization is defining the permissions (allow/grant and/or deny) for resource and object access for a specific identity or subject.
Auditing: Auditing is recording a log of the events and activities related to the system and its subjects.
Accounting: Accounting (also called accountability) is reviewing log files to check for compliance and violations in order to hold subjects accountable for their actions, especially violations of organizational security policy.
Identification
A subject must perform identification to start the process of authentication, authorization, and accountability (AAA). Providing an identity can involve typing in a username; swiping a smartcard; waving a proximity device; speaking a phrase; or positioning your face, hand, or finger for a camera or scanning device. Without an identity, a system has no way to correlate an authentication factor with the subject.
Once a subject has been identified, and that identity has been verified, the identity is accountable for any further actions by that subject. IT systems track activity by identities, not by the subjects themselves. A computer does not know one individual from another, but it does know that your user account is different from all other user accounts. Simply claiming an identity does not imply access or authority. The identity must be proven before use. That process is authentication.
Authentication
The process of verifying whether a claimed identity is valid is authentication. Authentication requires the subject to provide additional information that corresponds to the identity they are claiming. The most common form of authentication is a password. Authentication verifies the identity of the subject by comparing one or more factors against the database of valid identities (that is, user accounts). The ability of the subject and the system to keep the authentication factors for identities secret directly reflects the level of security of that system.
Identification and authentication are often used together as a single two-step process. Providing an identity is the first step, and providing the authentication factors is the second step. Without both, a subject cannot gain access to a system; neither element alone is useful in terms of security. In some systems, it may seem as if you are providing only one element but still gaining access, such as when keying in an ID code or a PIN. In these cases either the identification is handled by another means, such as physical location, or authentication is assumed from your ability to reach the system physically. Both identification and authentication still take place, but you may be less aware of them than when you manually type in both a name and a password.
Authorization
Once a subject is authenticated, access must be authorized. The process of authorization ensures that the requested activity or access to an object is permitted given the rights and privileges assigned to the authenticated identity. In most cases, the system evaluates the subject, the object, and the permissions assigned for the intended activity. If the specific action is allowed, the subject is authorized; if it is not allowed, the subject is not authorized.
Auditing
Auditing is the programmatic means by which a subject's actions are tracked and recorded, through the documentation of subject activities, for the purpose of holding the subject accountable for their actions while authenticated on a system. It is also the process by which unauthorized or abnormal activities are detected on a system. Auditing records the activities of a subject and its objects as well as the activities of application and system functions. Log files provide an audit trail for re-creating the history of an event, intrusion, or system failure. Auditing is needed to detect malicious actions by subjects, attempted intrusions, and system failures, and to reconstruct events, provide evidence for prosecution, and produce problem reports and analysis. Auditing is usually a native feature of operating systems and of most applications and services, so configuring the system to record information about specific types of events is fairly straightforward.
Note: Monitoring is part of what is needed for audits, and audit logs are part of a monitoring system, but the two terms have different meanings. Monitoring is a type of watching or oversight, whereas auditing is the recording of information into a record or file. It is possible to monitor without auditing, but you cannot audit without some form of monitoring.
Accountability
An organization's security policy can be properly enforced only if accountability is maintained. In other words, you can maintain security only if subjects are held accountable for their actions. Effective accountability relies on the ability to prove a subject's identity and track their activities. Accountability is established by linking an individual to the activities of an online identity through the security services and mechanisms of auditing, authorization, authentication, and identification. Individual accountability is therefore ultimately dependent on the strength of these processes. Without a strong authentication process, there is doubt that the person associated with a specific user account was actually the entity controlling that account when the undesired action took place.
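The five AAA steps above, worked through end to end as an added Python example (this is not code from the page or from the study guide it summarizes). The account table, role permissions and log entries are constructed for the example, and the low PBKDF2 iteration count is a stand-in for a production setting. Two practitioner details the text leaves implicit are made explicit: the password verifier is compared in constant time and an unknown username takes the same code path as a wrong password, so the login does not reveal which identities exist; and accountability is a review of the audit trail the earlier steps produced, not a separate mechanism.

```python
import hashlib
import hmac
from datetime import datetime, timezone

# ---- constructed sample data (illustrative only, not from the page) ----------
ITERATIONS = 10_000  # kept low so the example runs quickly; use a much higher count in production


def derive_verifier(password: str, salt: bytes) -> bytes:
    """Password verifier (PBKDF2-HMAC-SHA256). The password itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Fixed salts keep the example deterministic; real accounts get os.urandom(16).
_SALT_A = b"\x00" * 16
_SALT_B = b"\x01" * 16

# identity -> (salt, verifier, role): the account database authentication compares against
USERS = {
    "alice": (_SALT_A, derive_verifier("correct horse", _SALT_A), "analyst"),
    "bob":   (_SALT_B, derive_verifier("battery staple", _SALT_B), "admin"),
}

# Rights are attached to roles (classes of subjects), not to individual accounts
ROLE_PERMS = {
    "analyst": {("report.pdf", "read")},
    "admin":   {("report.pdf", "read"), ("report.pdf", "write"), ("users.db", "read")},
}

# Verifier used when the claimed identity does not exist, so an unknown username
# costs the same as a wrong password (no timing oracle for user enumeration).
_UNKNOWN = (_SALT_A, derive_verifier("", _SALT_A), None)

# Auditing: every authentication and authorization decision is recorded here
AUDIT_LOG = []


def _audit(identity, event, outcome, obj=None, action=None):
    AUDIT_LOG.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "identity": identity, "event": event, "outcome": outcome,
        "object": obj, "action": action,
    })


def authenticate(identity: str, password: str):
    """Identification (claim a name) followed by authentication (prove it).
    Returns a session for the identity on success, None on failure."""
    salt, verifier, role = USERS.get(identity, _UNKNOWN)  # identification: look up the claimed identity
    candidate = derive_verifier(password, salt)
    matched = hmac.compare_digest(candidate, verifier)    # constant-time comparison
    ok = matched and role is not None                      # an unknown identity always fails
    _audit(identity, "authn", "success" if ok else "failure")
    return {"identity": identity, "role": role} if ok else None


def authorize(session: dict, obj: str, action: str) -> bool:
    """Authorization: is (obj, action) within the rights of the session's role?"""
    allowed = (obj, action) in ROLE_PERMS.get(session["role"], set())
    _audit(session["identity"], "authz", "allow" if allowed else "deny", obj, action)
    return allowed


def accountability_report(threshold: int = 3) -> dict:
    """Accountability: review the audit trail and return the identities whose
    failed logins plus denied accesses reach the threshold, for follow-up."""
    counts = {}
    for entry in AUDIT_LOG:
        if entry["outcome"] in ("failure", "deny"):
            counts[entry["identity"]] = counts.get(entry["identity"], 0) + 1
    return {who: n for who, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    authenticate("alice", "wrong password")          # failure, logged
    alice = authenticate("alice", "correct horse")   # success
    authorize(alice, "report.pdf", "read")           # allow
    authorize(alice, "report.pdf", "write")          # deny: analysts cannot write
    authorize(alice, "users.db", "read")             # deny
    print(accountability_report())                   # {'alice': 3}
```

Each call to authenticate() or authorize() appends one audit entry, and accountability_report() only reads that log; if the log could be altered by the subjects it covers, the accountability step would be worthless, which is why audit storage needs integrity protection of its own.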
Protection Mechanisms
Another aspect of understanding and applying security controls is the concept of protection mechanisms, or protection controls. Not every security control relies on these mechanisms, but many controls provide their protection through them. Common examples are defense in depth, abstraction, data hiding, and encryption.
Defense in Depth
Defense in depth, also known as layering, is the use of multiple controls in series. No single control can protect against all possible threats. A multilayered solution allows numerous different controls to guard against whatever threats come to pass. When security solutions are designed in layers, a single failed control should not result in the exposure of systems or data. The layers must fail independently for this to hold: two controls that share the same failure mode (the same credential, the same vendor bug, the same administrator account) add very little depth.
Abstraction
Abstraction is used for efficiency. Similar elements are put into groups, classes, or roles that are assigned security controls, restrictions, or permissions as a collective. Abstraction simplifies security by letting you assign security controls to a set of objects collected by type or function. The concept of abstraction is therefore used when classifying objects or assigning roles to subjects.
Abstraction is one of the fundamental principles behind the field known as object-oriented programming. It is the black-box principle: users of an object (or operating system component) do not need to know the details of how the object works; they need to know only the proper syntax for using the object and the type of data it returns (that is, how to send input and receive output). This is very much what is involved in mediated access to data or services, such as when user-mode applications use system calls to request kernel-mode (privileged) services or data, where such requests may be granted or denied depending on the requester's credentials and permissions, rather than obtaining direct, unmediated access.
Another way in which abstraction applies to security is the introduction of object groups, sometimes called classes, where access controls and operation rights are assigned to groups of objects rather than on a per-object basis. This approach lets security administrators define and name groups easily (the names are often related to job roles or responsibilities) and makes the administration of rights and privileges easier: when you add an object to a class, you confer its rights and privileges, rather than having to manage rights and privileges for each object separately.
Data Hiding
Data hiding is exactly what it sounds like: preventing data from being discovered or accessed by a subject by positioning the data in a logical storage compartment that the subject cannot see or reach. The subject cannot see or access the data, not merely fail to notice it. Forms of data hiding include keeping a database from being accessed by unauthorized visitors and restricting a subject at a lower classification level from accessing data at a higher classification level. Preventing an application from accessing hardware directly is also a form of data hiding. Data hiding is often a key element in security controls as well as in programming. Steganography is an example of data hiding (see Chapter 7).
Data hiding is an important characteristic of multilevel secure systems. It ensures that data existing at one security level is not visible to processes running at other security levels. From a security perspective, data hiding relies on placing objects in security containers different from those the subjects occupy, so that object details are hidden from those with no need to know about them and no means to access them.
The term security through obscurity may seem relevant here, but the concept is different. Data hiding is the act of intentionally positioning data so that it is neither viewable nor accessible to an unauthorized subject, whereas security through obscurity is the idea of not informing a subject that an object is present and hoping that the subject will not discover it. In other words, under security through obscurity the subject could access the data if they found it. It is digital hide and seek. Security through obscurity does not actually implement any form of protection; it is an attempt to keep something important from being found by keeping knowledge of it secret. An example of security through obscurity is a programmer who is aware of a flaw in their code but releases the product anyway, hoping that no one discovers the issue and exploits it.
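The distinction in the two paragraphs above, as an added Python example (not code from the page): a small multilevel store whose objects and classification labels are constructed for the example. Both stores filter the listing in the same way, so a subject with "confidential" clearance never sees the "secret" object in either; the difference is that the data-hiding store also refuses to read it, while the obscurity-only store hands it over to anyone who guesses the name. The hiding store deliberately raises the same error for "does not exist" and "above your clearance", because a distinct "forbidden" response would itself disclose that the hidden object exists.

```python
# Classification levels, lowest to highest (constructed for the example)
LEVELS = {"public": 0, "confidential": 1, "secret": 2}

# Constructed objects: name -> (classification, contents)
OBJECTS = {
    "newsletter.txt": ("public", "company picnic on Friday"),
    "salaries.csv": ("confidential", "alice,90000"),
    "merger-plan.doc": ("secret", "acquire ExampleCorp in Q3"),
}


def _visible(level: str, clearance: str) -> bool:
    """A subject may see an object only when its level is at or below the subject's clearance."""
    return LEVELS[level] <= LEVELS[clearance]


class HidingStore:
    """Data hiding: objects above the subject's clearance are neither listed nor
    readable. 'Not present' and 'above your clearance' raise the same KeyError, so
    a read attempt does not confirm that a hidden object exists."""

    def __init__(self, objects):
        self._objects = dict(objects)

    def list(self, clearance: str) -> list:
        return sorted(n for n, (lvl, _) in self._objects.items() if _visible(lvl, clearance))

    def read(self, clearance: str, name: str) -> str:
        entry = self._objects.get(name)
        if entry is None or not _visible(entry[0], clearance):
            raise KeyError(name)
        return entry[1]


class ObscureStore(HidingStore):
    """Security through obscurity: the listing is filtered exactly as above, but
    read() enforces nothing. Whoever guesses the name gets the contents."""

    def read(self, clearance: str, name: str) -> str:
        return self._objects[name][1]   # no clearance check at all


def probe(store, clearance: str, guesses) -> dict:
    """What a subject with the given clearance learns by trying a list of guessed names."""
    found = {}
    for name in guesses:
        try:
            found[name] = store.read(clearance, name)
        except KeyError:
            pass  # either the name does not exist or it is hidden; the subject cannot tell which
    return found


if __name__ == "__main__":
    guesses = ["merger-plan.doc", "budget.xlsx"]   # one real hidden name, one that does not exist
    print(HidingStore(OBJECTS).list("confidential"))              # ['newsletter.txt', 'salaries.csv']
    print(probe(HidingStore(OBJECTS), "confidential", guesses))   # {}
    print(probe(ObscureStore(OBJECTS), "confidential", guesses))  # {'merger-plan.doc': 'acquire ExampleCorp in Q3'}
```

The listing step alone gives the two stores identical behaviour, which is exactly why an unlisted object is not a protected object: only the check in read() turns "not shown" into "not accessible".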
Encryption
Encryption is the science of hiding the meaning or intent of a communication from unintended recipients. Encryption can take many forms and should be applied to every type of electronic communication and storage. Note that encryption on its own protects confidentiality; protecting the integrity of the same data requires an authenticated encryption mode or a separate MAC or digital signature. Encryption is discussed at length in Chapters 6 and 7.
Originally published on the WeChat public account 网络安全等保测评: DAD...AAA