1.2 Summarize fundamental security concepts
Summary
Confidentiality, Integrity, and Availability (CIA)
Non-repudiation
Authentication, Authorization, and Accounting (AAA)
- Authenticating people
- Authenticating systems
- Authorization models
Gap analysis
Zero Trust
- Control Plane
  - Adaptive identity
  - Threat scope reduction
  - Policy-driven access control
  - Policy Administrator
  - Policy Engine

- Data Plane
  - Implicit trust zones
  - Subject/System
  - Policy Enforcement Point
 
Physical security
- Bollards
- Access control vestibule
- Fencing
- Video surveillance
- Security guard
- Access badge
- Lighting
- Sensors
  - Infrared
  - Pressure
  - Microwave
  - Ultrasonic
 
Deception and disruption technology
- Honeypot
- Honeynet
- Honeyfile
- Honeytoken
The CIA Triad
Also known as the AIC triad.
Implementation methods
Confidentiality
- Encryption
- Access Controls
- Two-factor Authentication (2FA)
Integrity
- Hashing
- Digital Signatures
- Certificates
- Non-repudiation
Availability
- Redundancy
- Fault tolerance
- Patching
