

Wednesday, 03 April 2013

RFC 2828 and X.800

Computer Security

What is meant by security?

The term “security” is used in the sense of minimizing the vulnerabilities of assets and resources. An asset is anything of value. A vulnerability is any weakness that could be exploited to violate a system or the information it contains. A threat is a potential violation of security.

Security in an OSI environment is just one aspect of data processing/data communications security. If they are to be effective, the protective measures used in an OSI environment require supporting measures which lie outside OSI.

For example, information flowing between systems may be enciphered, but if no physical security restrictions are placed on access to the systems themselves, encipherment may be in vain. Also, OSI is concerned only with the interconnection of systems. For OSI security measures to be effective, they shall be used in conjunction with measures that fall outside the scope of OSI.

X.800 and RFC 2828

ITU-T Recommendation X.800 (Security Architecture for OSI) and IETF RFC 2828 (Internet Security Glossary) are used as references to systematically evaluate and define security requirements; the two have many points in common.

X.800 is used to define general security-related architectural elements needed when protection of communication between open systems is required. X.800 establishes guidelines and constraints to improve existing recommendations and/or to develop new recommendations in the context of OSI. Similarly, RFC 2828 provides abbreviations, explanations and recommendations for information system security terminology.

Both X.800 and RFC 2828 are designed to assist security managers in defining security requirements and possible approaches to meeting those requirements. They also help hardware and software manufacturers develop security features for their products and services that follow certain standards. X.800 and RFC 2828 both cover several aspects of security systems, namely security threats and attacks, security services and mechanisms, and security management. This section gives a brief introduction to these standards. We urge readers to read the original standard documents for more information.

Conclusion:
RFC 2828 is an Internet security glossary, while X.800 is a security architecture for Open Systems Interconnection for CCITT applications.
