
Security Systems III Notes

The document covers fundamental concepts of data security, focusing on data masking techniques, storage devices, virtualization, and cloud computing. It outlines various data masking methods, their advantages, and the importance of secure storage to prevent unauthorized access to confidential information. Additionally, it discusses cloud computing models, associated challenges, and common cyber attacks, along with strategies for addressing these threats.

Uploaded by

simonpabalate

Fundamental Concepts of Data Security: Security Systems 3 Notes

Data Masking:

• What
o Process of hiding original classified data
o Same format, different values
• Where
o Testing applications/systems
o Training
o Third-party analytics
o Security requirements (invisible to operators)
• Requirements
o Must remain usable for testing purposes
o Must look real and appear consistent
o Not able to be reverse engineered
o Must remain meaningful
o Must have sufficient change to the original data
• Substitution
o Different authentic value is substituted for existing value
o Requires large substitution datasets
• Shuffling
o Randomly shuffled within the column
o Should not be used in isolation
• Number and data variance
o Like nulling out except keeping some of the data intact
o Not effective for testing
• Encryption
o Most complex
o Requires a key based on user rights
o Not effective
• Nulling out / Deletion
o Simplistic
o Cannot be used where software requires validation
• Static
o Test data generated from backup of original data
• Dynamic
o Masking at runtime, dynamically and on demand
o Attribute-based and policy-driven
o Avoids the need for a second data source to store masked data
• On the fly
o Similar to dynamic data masking
o Copy from original to test environment
o Good for sharing data
• Advantages of static data masking
o Allows development and testing without influencing live systems
o Best practice for working with contractors and outsourced developers, DBAs, and testing teams
o Provides a more in-depth policy of masking capabilities
o Allows organizations to share the database with external companies
• Advantages of dynamic data masking
o The sensitive information never leaves the database!
o No changes are required at the application or the database layer
o Customized access per IP address, per user or per application
o No duplicate or offline database required
o Activities are performed on real data, saving time and providing real feedback to developers and quality assurance
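
The substitution and shuffling methods listed above, combined in one static masking pass and checked against the stated requirements (same format, consistent, sufficiently changed). This is an added example, not part of the original notes; the sample rows, substitution dataset, key and function names are constructed for illustration.

```python
import hashlib
import hmac
import random

# Constructed sample rows standing in for a backup of the original data.
ROWS = [
    {"name": "Alice Moyo", "card": "4111-1111-1111-1111", "salary": 52000},
    {"name": "Brian Phiri", "card": "5500-0000-0000-0004", "salary": 61000},
    {"name": "Alice Moyo", "card": "4111-1111-1111-1111", "salary": 48000},
    {"name": "Chanda Zulu", "card": "3400-0000-0000-009", "salary": 75000},
]
# Constructed substitution dataset; real use needs a much larger one.
FAKE_NAMES = ["Dana Reed", "Evan Cole", "Faith Lund", "Gabe Stone", "Hana Voss"]
# Assumption: the key is secret and never shipped with the masked copy.
KEY = b"masking-key-kept-outside-test-env"

def _digest(value: str) -> bytes:
    return hmac.new(KEY, value.encode(), hashlib.sha256).digest()

def substitute_name(name: str) -> str:
    """Substitution: the same input always maps to the same realistic value."""
    return FAKE_NAMES[int.from_bytes(_digest(name)[:4], "big") % len(FAKE_NAMES)]

def mask_card(card: str) -> str:
    """Keep separators and length; shift every digit by a keyed offset of 1-9."""
    stream = iter(_digest(card))
    return "".join(
        str((int(c) + 1 + next(stream) % 9) % 10) if c.isdigit() else c
        for c in card
    )

def mask_table(rows):
    """Static masking pass over a copy of the data; the originals are untouched."""
    salaries = [r["salary"] for r in rows]
    random.SystemRandom().shuffle(salaries)  # shuffling within the column
    return [
        {"name": substitute_name(r["name"]), "card": mask_card(r["card"]), "salary": s}
        for r, s in zip(rows, salaries)
    ]

def shape(value: str) -> str:
    """Format fingerprint: every digit becomes 'D', everything else is kept."""
    return "".join("D" if c.isdigit() else c for c in value)

if __name__ == "__main__":
    for before, after in zip(ROWS, mask_table(ROWS)):
        print(before, "->", after)
```

Shuffling alone leaves every real salary in the column, which is why the notes say it should not be used in isolation; here it is paired with keyed substitution of the identifying fields.
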
• Storage Devices
o Storage devices are a fundamental component of a system, and there are many types of devices available, ranging from high-capacity hard drives to small-capacity USB drives or memory cards
o Storage devices are critical components from the point of view of cyber security. Why?
o Systems can be booted from storage devices, which can override local settings
• Confidential information can be retrieved by gaining access to the storage devices (which are either discarded without being properly “wiped” or removed from the systems)
• Confidential information can be illegally copied via removable media
• Virtual memory – used to extend the system memory
• Access to virtual memory is slower because of the nature of the storage
• Problems with virtual memory
o Access to encrypted data
o Access to memory contents after the power has been turned off
• Virtual machines – enable the running of multiple OSes on the system
• Current virtualization software is advanced
o It allows very effective simulations of OSes; depending on the level of access and hardware support, the virtual machine can be indistinguishable from the actual machine
o It can be used to simulate large-scale systems rather than individual machines, e.g. VMware allows the user to tailor a specific network of virtual servers and user machines
• Virtualization is a key aspect of cloud computing and poses major challenges in terms of cybersecurity
• What is cloud computing
o A model that combines hardware, software, and networking to deliver on-demand computing resources via the internet or a private network
• What are the categories of cloud solutions
o Public cloud
o Community cloud
o Private cloud
o Hybrid cloud
• Why use the cloud
o On-demand storage and processing resources at typically lower cost
o Dedicated security comes as part of the typical cloud solution
• Cloud services
o Infrastructure as a service (IaaS): e.g. Amazon
o Platform as a service (PaaS): e.g. Google Cloud
o Software as a service (SaaS): e.g. Google Docs
• Cloud computing issues
o Virtualization issues
o Network availability
o Cloud provider viability
o Security incidents
o Transparency
o Cross VM traffic
o Cloud data storage
o Loss of physical control
o New risks, new vulnerabilities
• Common Attacks
o Ransomware attacks
o Denial of service/distributed denial of service (DoS/DDoS) attacks
o Data exfiltration
o SQL injection attacks
o Cross site scripting (XSS) attacks
o Phishing attacks
o Virus/malware
• How attacks happen
• What issues: Confidentiality, Integrity or Availability
• How to address the threat
o Prevention
o Detection
o Correction
o Recovery
