Technetronic Solutions, Inc.

TSI Security Method – Methods and Attacks

To assess the security needs of customer's systems, the appropriate methodologies and policies need to be applied. This needs to be accomplished in a systematic manner in order to define the requirements and characterize the approaches that satisfy these requirements. There are three aspects to this approach:

• Security Attack: Any action that compromises the security of either the information contained in the system or the system itself.
• Security Method: A method that is designed to detect, prevent, or recover from a security attack.
• Security Service: A service that enhances the security of either the information contained in the system or the system itself. The services are designed to counter security attacks and provide security methods to protect the service.

Service Attributes

• Confidentiality: Ensures that all information in the system is accessible only by the authorized parties.
• Authentication: Ensures that a user or process is correctly identified and the identity is not falsifiable.
• Integrity: Ensures that only authorized parties are able to modify information contained in the system or the system itself.
• Nonrepudiation: Ensures that neither a user that starts or ends an operation in the system can deny this operation.
• Access Control: Ensures that an authenticated user can access only the information contained in the system or system itself based on the user's authorization level.

There is no single method that will provide all the services listed above. Thus, the goal of security is to prevent attack or the ability to detect the attack.

Single Sign On

Single Sign On provides access control to multiple related, but independent systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each system. Conversely, Single Sign Off allows the act of signing off to terminate access to all authenticated systems.