
Unix Systems security and security evaluation criteria


merry

Presentation Transcript


  1. Unix Systems security and security evaluation criteria

  2. Agenda
     • Overview of UNIX
     • Flavors and versions of UNIX
     • Open source vs proprietary software
     • Security evaluation criteria
     • Ten general security rules

  3. Flavors and versions of UNIX
     • The following are examples of proprietary flavors of UNIX that have been designed to run only (or mainly) on proprietary hardware sold by the same company:
        • AIX - developed by IBM for use on its mainframe computers
        • BSD/OS - a commercial version of BSD developed by Wind River for Intel processors
        • HP-UX - developed by Hewlett-Packard for its HP 9000 series of business servers
        • IRIX - developed by SGI for applications that use 3-D visualization and virtual reality
        • QNX - a real-time operating system developed by QNX Software Systems primarily for use in embedded systems
        • Solaris - developed by Sun Microsystems for the SPARC platform and the most widely used proprietary flavor for web servers
        • Tru64 - developed by Compaq for the Alpha processor

  4. Flavors and versions of UNIX
     • Others are developed by groups of volunteers who make them available for free. Among them are:
        • Linux - the most popular and fastest growing of all the Unix-like operating systems
        • FreeBSD - the most popular of the BSD systems (all of which are direct descendants of BSD UNIX, which was developed at the University of California at Berkeley)
        • NetBSD - features the ability to run on more than 50 platforms, ranging from acorn26 to x68k
        • OpenBSD - may have already attained its goal of becoming the most secure of all computer operating systems
        • Darwin - the new version of BSD that serves as the core for Mac OS X

  5. Open source vs. proprietary software
     • Open source software
        • Some examples are Linux distributions, PHP, Apache, gdb, XML, gcc, Java, Perl, etc.
     • Proprietary software
        • Examples are Microsoft Windows, Exchange Server, Adobe Acrobat, Photoshop, Mac OS, etc.

  6. Security evaluation criteria
     • Computer security evaluation
        • The detailed examination and testing of the security features of an IT system or product to ensure that they work correctly and effectively and do not show any logical vulnerabilities.
        • It includes a claimed level of assurance that determines how rigorous the evaluation is.
     • Criteria
        • Criteria are the "standards" against which security evaluation is carried out.

  7. Security evaluation criteria
     • TCSEC (Trusted Computer System Evaluation Criteria)
        • The US Department of Defense published the first criteria in 1983 as the TCSEC, more popularly known as the "Orange Book".
        • The current issue is dated 1985.
        • The US Federal Criteria were drafted in the early 1990s as a possible replacement but were never formally adopted.
     • ITSEC (Information Technology Security Evaluation Criteria)
        • During the 1980s, the UK, Germany, France and the Netherlands produced versions of their own national criteria. These were harmonised and published as the ITSEC.

  8. Security evaluation criteria
     • Common Criteria
        • The Common Criteria represents the outcome of international efforts to align and develop the existing European and North American criteria.
        • The Common Criteria project harmonizes ITSEC, CTCPEC (Canadian Criteria) and US Federal Criteria (TCSEC) into the Common Criteria for Information Technology Security Evaluation (CC) for use in evaluating products and systems and for stating security requirements in a standardized way.

  9. Ten general security rules
     • Rule 1: Security Through Obscurity Doesn't Work
     • Rule 2: Full Disclosure of Bugs and Holes Benefits Security
     • Rule 3: System Security Degrades in Direct Proportion to Use
     • Rule 4: Do It Right Before Someone Does It Wrong For You
     • Rule 5: The Fear of Getting Caught is the Beginning of Wisdom

  10. Ten general security rules
     • Rule 6: There's Always Someone Out There Smarter, More Knowledgeable, or Better-Equipped Than You
     • Rule 7: There Are No Turnkey Security Solutions
     • Rule 8: Good and Evil Blend into Gray
     • Rule 9: Think Like the Enemy
     • Rule 10: Trust is a Relative Concept
