Security/Fundamentals: Difference between revisions

Security/Fundamentals (view source)

Revision as of 18:53, 27 October 2015

127 bytes added , 27 October 2015

Automated sync from https://github.com/mozilla/wikimo_opsec

Gdestuynder

Confirmed users

502

edits

@@ Line 1: / Line 1: @@
+<table>
+  <tr>
+    <td style="min-width: 25em;">__TOC__</td>
+    <td style="vertical-align: top; padding-left: 1em;">
 The goal of this document is to detail the rationales behind why various technologies and processes are encouraged or discouraged.
-<table><tr>
+Updates to this page should be submitted to the [https://github.com/mozilla/wikimo_opsec/ source repository on github].
-<td><div style="float:left;" class="toclimit-3">__TOC__</div></td>
+Changes are detailed in the [https://github.com/mozilla/wikimo_opsec/commits/master commit history].
-<td valign="top">
-{| class="wikitable"
+<span style="float: right; padding-top: 3em;">[[File:OpSec.png|300px]]</span>
-|-
+    </td>
-! Document Status !! Major Versions
+  </tr>
-|-
+</table>
-|  <span style="color:green;">'''READY'''</span> ||
-* Version 1.1: kang: r+
-* Version 1: gene: creation
-|}
-[[File:OpSec.png|right|300px]]
-</td>
-</tr></table>
 = Rationales =
@@ Line 22: / Line 19: @@
 |-
 |<div id="shared-passwords">[[#shared-passwords|§]] Shared passwords and accounts</div>
-|Shared passwords are passwords or/and accounts that more than one person knows or has access to. They're discouraged because
+|Shared passwords are passwords or/and accounts that more than one person knows or has access to. They're discouraged because:
 * Use of them makes auditing access difficult:
 ** multiple users appear in audit logs as one user and different users actions are difficult to differentiate.
@@ Line 31: / Line 28: @@
 |-
 |<div id="decentralized-user-account-management">[[#decentralized-user-account-management|§]] Decentralized user account management</div>
-|Decentralized user account management refers to user account management which is not driven by the source of truth for
+|Decentralized user account management refers to user account management which is not driven by the source of truth for the user's account. Examples of this are:
-the user's account. Examples of this are:
 * Manual user account creation by administrators.
 * Automated user account creation from scripting or configuration management that creates accounts based on a static
@@ Line 45: / Line 41: @@
 |-
 |<div id="mfa">[[#mfa|§]] Multi-factor Authentication</div>
-|Multi-factor authentication (MFA) is a security system that requires more than one method of authentication from
+|Multi-factor authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity for a login or other transaction.
-independent categories of credentials to verify the user's identity for a login or other transaction.
 Requiring the use of MFA for internet accessible endpoints is encouraged because by requiring not only something the
 user knows (a knowledge factor like a memorized password) but also something that the user has (a possession factor like
@@ Line 60: / Line 55: @@
 |-
 |<div id="nsm">[[#nsm|§]] Network Security Monitoring</div>
-|Network Security Monitoring (NSM) is the practice of monitoring raw network traffic in order to detect intrusions or
+|Network Security Monitoring (NSM) is the practice of monitoring raw network traffic in order to detect intrusions or abnormal behavior. The use of NSM is encouraged because it can:
-abnormal behavior. The use of NSM is encouraged because it can:
 * identify when a host has been compromised by the network traffic it emits.
 * understand the commonalities in a distributed network attack.
 * provide incident responders with data needed to quickly diagnose security issues.
 |}

Security/Fundamentals: Difference between revisions

Security/Fundamentals (view source)

Revision as of 18:53, 27 October 2015

Navigation menu

Search