From c1e4eda60fe549a9dfd25a87ecbc4acd523d70a0 Mon Sep 17 00:00:00 2001 From: Leonard Kugis Date: Tue, 3 Mar 2020 22:08:56 +0100 Subject: IntroSec Added trailing whitespaces. --- .gitignore | 2 +- .../introduction_to_information_security.md | 34 +++++++++++----------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.gitignore b/.gitignore index e466170..85c7b10 100644 --- a/.gitignore +++ b/.gitignore @@ -24,7 +24,7 @@ # these rules might exclude image files for figures etc. # *.ps # *.eps -# *.pdf +*.pdf ## Generated if empty string is given at "Please type another file name for output:" .pdf diff --git a/en_GB/Introduction to Information Security/introduction_to_information_security.md b/en_GB/Introduction to Information Security/introduction_to_information_security.md index 88bb06f..af0804d 100644 --- a/en_GB/Introduction to Information Security/introduction_to_information_security.md +++ b/en_GB/Introduction to Information Security/introduction_to_information_security.md @@ -4,15 +4,15 @@ ### Security objectives -- Confidentiality +- Confidentiality Contents of objects cannot be read by third parties. -- Integrity +- Integrity Whether or not a message has been modified between origin and receiver. -- Availability +- Availability Guaranteed access to the information for permitted parties. -- Access Control +- Access Control Only permitted parties are allowed to access the information. -- Non-repudiation +- Non-repudiation Proof that an entity was involved in some event. ### CIA 
@@ -26,18 +26,18 @@ - Confidentiality - Integrity - Availability -- Utility +- Utility Ensures that the information is useful and insensitive to e.g. lost keys. -- Possession or Control +- Possession or Control Be sure that the possessor is in control of the information at all times. -- Authenticity +- Authenticity Verification of claimed identities. Notice: In most cases, this just proves entities (e.g. machines), not humans. Also, there must be a point in time where authentication starts. If this step is taken automatically by a machine (e.g. session start), there is no valid inference to the actual human. ### Secrecy -Confidentiality+. +Confidentiality+. Not only provides hidden contents, but also hides the fact that there is content at all. ### Strategy @@ -80,18 +80,18 @@ As a user, you can be authenticated on the basis of ### Password protection -- No expiry dates +- No expiry dates Studies have shown that this results in worse passwords. -- No restrictions in password alphabet +- No restrictions in password alphabet Studies have shown that this leads to less possibilities in exhaustive guessing and therefore leads to worse passwords. -- Set a minimum length instead +- Set a minimum length instead Has a higher impact than complexity. Set the maximum to at least 64. -- No hints -- Show passwords while typing +- No hints +- Show passwords while typing Doing the opposite motivates the user to choose shorter passwords. -- Allow passwords to be pasted +- Allow passwords to be pasted This enables secure password managers to be used. -- Forbid commonly used passwords +- Forbid commonly used passwords Makes dictionary attacks difficult. - Limit number of failed password attempts @@ -189,4 +189,4 @@ Victim enters his password and the attacker captures the data forwarded by the f - System authentication to the user - Display number of failed logins - Indicates compromised password to the user. + Indicates compromised password to the user. -- cgit v1.2.1
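Review bot: In the .gitignore hunk, changing `# *.pdf` to `*.pdf` is unrelated to the subject "Added trailing whitespaces", and the context comment directly above it warns that "these rules might exclude image files for figures etc.". Suggest moving this change to its own commit, or at least naming it in the message, and adding a `!` negation pattern for any directory that holds PDF figures so they remain tracked.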
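Review bot: In the Security objectives hunk (@@ -4,15 +4,15 @@), the five changed bullet lines depend on trailing whitespace to force the break before each definition. That whitespace is invisible in review (the `-` and `+` lines look identical) and is silently removed by editors or hooks that trim line ends. Suggest a form that survives trimming, such as a trailing backslash, or putting the definition on the bullet line itself, e.g. `- Confidentiality: Contents of objects cannot be read by third parties.`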
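Review bot: In the @@ -26,18 +26,18 @@ hunk, the changed line `Confidentiality+.` under "### Secrecy" is shorthand that does not read as a definition without the sentence after it. Since the line is being edited anyway, suggest spelling it out and merging it with the following line, for example "Confidentiality plus hiding the fact that there is content at all." The same trailing-whitespace concern applies to the Utility, Possession or Control and Authenticity bullets changed here.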
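Review bot: In the Password protection hunk (@@ -80,18 +80,18 @@), the explanation lines under the changed bullets `- No expiry dates` and `- No restrictions in password alphabet` both begin "Studies have shown that this ...", where "this" reads as referring to the recommendation rather than to the practice being rejected, so the text appears to say that having no expiry dates results in worse passwords. Suggest naming the subject explicitly, e.g. "Studies have shown that forced expiry results in worse passwords." and "Studies have shown that alphabet restrictions lead to fewer possibilities in exhaustive guessing ...". The context bullet `- Limit number of failed password attempts` is also the only recommendation in the list without a rationale line.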
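Review bot: In the last hunk (@@ -189,4 +189,4 @@), the changed line "Indicates compromised password to the user." overstates what the bullet above it provides: a displayed count of failed logins tells the user that someone tried to log in and failed, not that the password is compromised. Suggest wording such as "Indicates password guessing attempts to the user." Also note that this is the only hunk where the modified line is the explanation rather than the bullet line, so check that the whitespace landed on the intended line.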