In this video, you will learn to describe security mechanisms and what they include.

All right, on to security mechanisms for enterprise security. So Stallings tells us that security mechanisms are defined as the combination of hardware, software and processes that enhance IP security. Once again, we talked about the principle of the security enforcement point. This is the technical implementation of a security policy. The security policy is derived from the business policy. So the business policy describes what we're going to do, not how we're going to do it. The security policy describes how we're going to do it, and the security enforcement point, or the security mechanisms, are the technical implementation of that security policy. So that point is taken up with the second bullet point, that it's a security policy implementation mechanism or delivery vehicle.

Some examples of those are protocol suppression, for example to turn off FTP. That security policy would be "no FTP is allowed"; the business policy, "no unauthorized large-scale data movements". So the security enforcement point would be to disable FTP. Another example is identification and authentication. We've talked about the three aspects of access control: identification, authentication, authorization. Those were all services that are going to be important. Once again, we talked about how security services are the tools for security enforcement.

Pulling from X.800, Stallings gives us a number of examples of security mechanisms: cryptography, digital signatures, access controls. You can read the list. These are actual, like I said once again, security enforcement points, and at the top, just above each one of these security mechanisms, is a controlling security policy. Once again, the security policy is a technical policy that is derived from a logical business policy. So that's the food chain.
So business policies, security policies, security enforcement points or security mechanisms. So you'll see that list of what goes in. Those are referred to as specific services. There are ones that transcend specific policies. Those are trusted functionality: how do we trust our internal users, our privileged users? Two classes of users: we have general users and privileged users. General users, that's you and me. Privileged users are somebody who can change your security policy. That's the difference between the two, and privileged users should have a lot of attention on their good behavior.

So security labels, those generally refer to data. We think about security classification within the government, where there's secret, top secret, sensitive but unclassified; on the private side there's confidential, extreme confidential, business centric. All of those are security labels that are applied to data, and how do we use those labels? Access control, data movement. There are some models that describe how those are used, the most famous of which is the Bell-LaPadula model.

So other pervasive security mechanisms include event detection. That is the core of QRadar and security intelligence, that we can detect that something happened. Now, the question is, is that something different? Anomalous, high risk? So this is where it moves into the anomaly side. So security audit trails is also pervasive. This is the ability to collect security intelligence data and ensure that security intelligence data is available, is protected from unauthorized chain, I mean change, and can be sent to the correct individuals. So there's an analogy between security audit trails and criminal chain of custody, that you can always prove who's got responsibility for the data, for the security audits, and what they've done to that. So it's extremely important in the forensic world. Then recovery is recovery and backup, which affects how we react, or our response, to a security alert.
So once again we see some analogies between this and the NIST security model and the IBM security framework described in Module 1. Here on Slide 15, we see an example of some security mechanisms or some security enforcement points. This is looking primarily at the access control policies. We see those security enforcement mechanisms implemented initially in the DMZ between the two firewalls. As a good design principle, they are of different designs, so that if an adversary defeats one firewall, the adversary cannot simply reapply that attack against the second. We see credential management in the security domain, and within security management, being able to acquire events and manage credentials. Those credentials consist of roles, permissions and identities.
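The audit-trail requirement described above (protected from unauthorized change, and able to show who handled the data and what they did) can be illustrated with a keyed hash chain. This is an added example, not part of the original lecture; the chaining scheme, function names, custodian names and key are constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # link value used before the first record


def _mac(key: bytes, prev: str, body: dict) -> str:
    # The MAC covers the previous link plus a canonical encoding of this record.
    msg = prev.encode() + json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def append(trail: list, key: bytes, custodian: str, action: str) -> None:
    """Add a record naming who handled the audit data and what they did."""
    prev = trail[-1]["mac"] if trail else GENESIS
    body = {"seq": len(trail), "custodian": custodian, "action": action}
    trail.append({**body, "prev": prev, "mac": _mac(key, prev, body)})


def verify(trail: list, key: bytes) -> int:
    """Return -1 if the trail is intact, else the index of the first bad record."""
    prev = GENESIS
    for i, rec in enumerate(trail):
        body = {k: rec[k] for k in ("seq", "custodian", "action")}
        ok = (rec["seq"] == i and rec["prev"] == prev
              and hmac.compare_digest(rec["mac"], _mac(key, prev, body)))
        if not ok:
            return i
        prev = rec["mac"]
    return -1


def build_sample(key: bytes) -> list:
    # Constructed sample events, not taken from any real system.
    trail = []
    append(trail, key, "collector-01", "received firewall deny event")
    append(trail, key, "analyst.alice", "exported events for case review")
    append(trail, key, "admin.bob", "changed retention policy")
    return trail


if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: the key is held off the log host
    trail = build_sample(key)
    print("intact:", verify(trail, key))             # -1 means no tampering found
    trail[1]["custodian"] = "analyst.mallory"        # simulated unauthorized change
    print("first bad record:", verify(trail, key))
```

Removing records from the end of the trail is not detected by the chain alone; that needs the latest MAC or record count stored separately from the log.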