Federal Information Processing Standards Publication 191

FIPS PUB 191
November 9, 1994

Specifications for Guideline for the Analysis of Local Area Network Security

Contents

1 INTRODUCTION
  Why LAN Security is Important
  Purpose
  Overview of Document
  LAN Definition
    Distributed File Storing
    Remote Computing
    Messaging
  The LAN Security Problem
    Distributed File Storing - Concerns
    Remote Computing - Concerns
    Topologies and Protocols - Concerns
    Messaging Services - Concerns
    Other LAN Security Concerns
  Goals of LAN Security

2 THREATS, VULNERABILITIES, SERVICES, AND MECHANISMS
  Threats and Vulnerabilities
    Unauthorized LAN Access
    Inappropriate Access to LAN Resources
    Disclosure of Data
    Unauthorized Modification of Data and Software
    Disclosure of LAN Traffic
    Spoofing of LAN Traffic
    Disruption of LAN Functions
  Security Services and Mechanisms
    Identification and Authentication
    Access Control
    Data and Message Confidentiality
    Data and Message Integrity
    Non-repudiation
    Logging and Monitoring

3 RISK MANAGEMENT
  Current Approaches
  Participants
  Elements of Risk Management
  Risk Assessment
    Process 1 - Define the Scope and Boundary, and Methodology
    Process 2 - Identify and Value Assets
    Process 3 - Identify Threats and Determine Likelihood
    Process 4 - Measure Risk
  Risk Mitigation
    Process 5 - Select Appropriate Safeguards
    Process 6 - Implement and Test Safeguards
    Process 7 - Accept Residual Risk

Appendix A - LAN Security Policy
Appendix B - Personal Computer Considerations
Appendix C - Contingency Planning for LANs
Appendix D - Training and Awareness
References