Security Architecture

Recent blog entries tagged with Security Architecture.

Registration Now Open for February CAMP: Bridging Security and Identity Management

Created by Colleen Luckett (EDUCAUSE) on December 13, 2007

Designed for both management and technical staff, the Campus Architecture and Middleware Planning (CAMP) workshop, "Bridging Security and Identity Management," February 13-15 in Tempe, Arizona, will address practical approaches for addressing issues surrounding three themes:

Red Hat tools for SELinux

Created by Stuart Yeates (University of Oxford) on December 12, 2006

Mayank Sharma writes about some of the features that Red Hat is rolling out to support SELinux on the desktop. SELinux is an NSA-developed security system for locking down Linux. The new tools are GUI tools which allow end-users to configure, examine and analyse an SELinux system. SELinux is unlikely to be suited to non-technical users and still looks to be a significant administration burden even with the new tools, but it's a must-have for the security conscious.

The benefit of SELinux is twofold. First, it replaces the user-based model with a policy-centric model. Every action, like running an application or reading and modifying data, is controlled by a security policy. Actions that violate the policy are denied. Additionally, SELinux compartmentalizes the various applications and processes running on the system. This not only helps in isolating a break-in, but also confines the damage caused by one compromised service. SELinux plugs into the Linux distribution through the Linux Security Module (LSM) hooks, which are available in the 2.6.x kernel series.

EDUCAUSE Security Professionals Conference 2006. Summary: System-wide Strategies for Achieving IT Security at Univ. of California

Created by Lida L. Larsen (EDUCAUSE) on April 25, 2006
System-wide Strategies for Achieving IT Security at the University of California
Jacqueline Craig, Director of Policy, University of California Office of the President
David H. Walker, Director of Advanced Technology, University of California Office of the President
 
How do you effectively achieve appropriate stewardship of both personal and restricted information which is used across an institution’s academic, administrative, and other operations? This session took a close look at the University of California system's efforts.
 
UC has experienced a number of serious security breaches across the 18 campuses, centers and labs.  In 2003, California passed legislation requiring notification if there is a reasonable belief that unauthorized access of information has occurred and there is reason to believe that privacy of individuals has been compromised.  UC responded by instituting a university-wide security workgroup to come up with solutions.  The workgroup was comprised of faculty, deans, vice-chancellors, general counsel, security officers, CIOs and directors.
 
The working group agreed upon a number of recommendations:
  • Leadership actions to achieve accountability
  • University-wide communication and security education & training
  • Stronger IT security policies
  • Risk assessment guidelines and mitigation with focus on both academic and administrative strategies.

Yet another Microsoft IE flaw

Created by Stuart Yeates (University of Oxford) on March 29, 2006

Yet another bug / flaw / vulnerability / whatever-you-want-to-call-it has hit Microsoft's Internet Explorer. Much of the hoo-ha in the press is about the short-term implications of this and they (and thus presumably their readers) are still not asking the questions needed to shed real light on the underlying issues:

 

  1. Is there something about browsers that makes them inherently prone to these kinds of security bugs? Yes. There have been a range of bugs with security implications across a wide variety of browsers: IE, Opera and Mozilla.
  2. Are there well-understood ways to make browsers more secure against software flaws? How? Yes. By separating functionality into units within a framework with clear, sparse, well documented protocols between them and clear security responsibility within the framework. By having extensive review and testing of the framework and regular updates to both the framework and the components within it. By including security features such as the Java sandbox and by using a so-called "layer" security model, in which a single flaw doesn't lead to the complete compromise of an entire system.
  3. Why aren't these things used now? Some of them are, but there are many design requirements when designing, building and maintaining software, and security has to be balanced against issues such as cost, time-to-market, flexibility, robustness, ease-of-use, backwards compatibility and the availability of third party add-ins. Companies such as Microsoft, Opera and Apple, who all have commercial browser offerings, produce software they think is going to get used in the market by balancing these.

 

UCISA Information Security Toolkit

Created by Stuart Yeates (University of Oxford) on March 15, 2006

UCISA were at the 2006 JISC Conference, touting their Information Security Toolkit:



The UCISA Information Security Toolkit is intended to support UK Higher and Further Education Institutions in producing Information Security policies to address (and to demonstrate that they are addressing) threats to the confidentiality, integrity and availability of information systems for which they are responsible, and to help meet audit requirements. The sections draw heavily on British Standard BS 7799, not least by adopting its structure for control objectives and controls.


Unfortunately it's very much embedded in the UK legislative framework, so only the technical bits will be of much use to those outside the UK. Strangely enough, I spent three days in Blackpool last week at their big annual event and didn't catch up with the toolkit at all; presumably they were all too busy running the event to promote their own documents.

Nine principles of security architecture

Created by Stuart Yeates (University of Oxford) on November 24, 2005

Newsforge is carrying an article by Bruce Byfield entitled "Nine principles of security architecture." While there is nothing new here for those with a background in software engineering or computer science, it's a great no-nonsense introduction for those without a formal software background.