From 691f739b7d55f310e65215ac977f222c2f09a787 Mon Sep 17 00:00:00 2001 From: Leonard Kugis Date: Tue, 3 Mar 2020 22:28:29 +0100 Subject: IntroSec Corrected typo. --- .../introduction_to_information_security.md | 38 +++++++++++----------- 1 file changed, 19 insertions(+), 19 deletions(-) (limited to 'en_GB/Introduction to Information Security/introduction_to_information_security.md') diff --git a/en_GB/Introduction to Information Security/introduction_to_information_security.md b/en_GB/Introduction to Information Security/introduction_to_information_security.md index af0804d..7269b89 100644 --- a/en_GB/Introduction to Information Security/introduction_to_information_security.md +++ b/en_GB/Introduction to Information Security/introduction_to_information_security.md @@ -4,15 +4,15 @@ ### Security objectives -- Confidentiality +- Confidentiality Contents of objects cannot be read by third parties. -- Integrity +- Integrity Whether or not a message has been modified between origin and receiver. -- Availability +- Availability Guaranteed access to the information for permitted parties. -- Access Control +- Access Control Only permitted parties are allowed to access the information. -- Non-repudiation +- Non-repudiation Proof that an entity was involved in some event. ### CIA @@ -26,18 +26,18 @@ - Confidentiality - Integrity - Availability -- Utility +- Utility Ensures that the information is useful and insensitive to e.g. lost keys. -- Possession or Control +- Possession or Control Be sure that the possessor is in control of the information at all times. -- Authenticity +- Authenticity Verification of claimed identities. Notice: In most cases, this just proves entities (e.g. machines), not humans. Also, there must be a point in time where authentication starts. If this step is taken automatically by a machine (e.g. session start), there is no valid inference to the actual human. ### Secrecy -Confidentiality+. +Confidentiality+. Not only provides hidden contents, but also hides the fact that there is content at all. ### Strategy @@ -80,18 +80,18 @@ As a user, you can be authenticated on the basis of ### Password protection -- No expiry dates +- No expiry dates Studies have shown that this results in worse passwords. -- No restrictions in password alphabet +- No restrictions in password alphabet Studies have shown that this leads to less possibilities in exhaustive guessing and therefore leads to worse passwords. -- Set a minimum length instead +- Set a minimum length instead Has a higher impact than complexity. Set the maximum to at least 64. -- No hints -- Show passwords while typing +- No hints +- Show passwords while typing Doing the opposite motivates the user to choose shorter passwords. -- Allow passwords to be pasted +- Allow passwords to be pasted This enables secure password managers to be used. -- Forbid commonly used passwords +- Forbid commonly used passwords Makes dictionary attacks difficult. - Limit number of failed password attempts @@ -129,9 +129,9 @@ A *Fitting Rate* of 50% indicates that half the pattern data fits the data store A value (in %) determining the minimum *Fitting Rate* for an matching check to be considered as matching. A lower *Matching Threshold* raises the amount of false positive matching checks, but lowers the amount of rejected genuine matching checks. -*FMR* raises, *FNMR* lowers. +*FMR* increases, *FNMR* decreases. A higher *Matching Threshold* raises the amount of rejected genuine matching checks, but lowers the amount of false positive matching checks. -*FMR* lowers, *FNMR* raises. +*FMR* increases, *FNMR* decreases. #### Equal Error Rate (EER) @@ -189,4 +189,4 @@ Victim enters his password and the attacker captures the data forwarded by the f - System authentication to the user - Display number of failed logins - Indicates compromised password to the user. + Indicates compromised password to the user. -- cgit v1.2.1