Building Blocks Technologies

Training Services
Course Develsopment Services
Training Instruction Services Consulting Services

Services

Technology Training: Security: Application & System Development Security - Security Architecture & Models

Course Objectives:

Upon completion of this course the student will be able to:

  • Describe the security and controls of the systems development process, systems development life cycle as well as application and change controls
  • Differentiate among data warehousing, data mining and knowledge based systems security concerns
  • Maximize concepts used to ensure data and application integrity, confidentiality and availability
  • Describe system security models in terms of Common Criteria, ITSEC, TCSEC and IETF IPSec
  • Differentiate between commercial and government security development requirements

Course Type:

The course is taught in class with an instructor.

Prerequisite:

A general understanding of application development and system development methodologies and practises is recommended

Audience:

Individuals who need to understand security concepts specifically related to Application & System development. Also, individuals who need to understand network security concepts specifically related to system architecture and development; Specifically, System and Software Developers, System Architects, Network Consultants, Security Consultants, Technical Architects, and Security Planners.

Course Description:

This course introduces the student to the controls that are included within systems and applications software as well as the steps used in their development. These include agents, applets, software, databases, data warehouses and knowledge based systems. The concepts, principles, structures and standards used to design, implement, monitor and secure operating systems; equipment, networks and applications used to enforce various levels of Confidentiality, Integrity and Availability are discussed.

Course Length

1 Day

Course Outline

Distributed Environment

  • Overview and Definition
  • Agents
  • Objects
  • Applets
  • Mobile Software

Databases and Data Warehousing

  • Architecture
  • Classification
  • Aggregation
  • Data Mining
  • Inference
  • Polyinstantiation
  • Multi-level Security
  • DBMS Architecture

Data and Information Storage

  • Primary
  • Secondary
  • Virtual
  • Random
  • Volatile
  • Sequential

Knowledge Based Systems

  • Expert Systems
  • Neural Networks
  • Malicious Code
  • Definitions
  • Jargon
  • Myths
  • Hackers/Crackers
  • Viruses
  • Logic Bombs
  • Trojan Horses
  • Active-X
  • Java

System Development Controls

  • System Development Life Cycle
  • Security Control Architecture
  • Integrity Levels
  • Service Level Agreements
  • Virus Definitions

Methods of Attack

  • Brute Force
  • Denial of Service
  • Dictionary
  • Spoofing
  • Hidden Code
  • Logic Bomb
  • rap Door
  • Remote Maintenance
  • Browsing
  • Inference
  • Traffic Analysis
  • Flooding
  • Cramming
  • TOC/TOU

Architecture and Design Principles

  • Physical and Symbolic Addressing
  • Address vs. Memory Space
  • Hardware, Firmware and Software
  • Machine Types
  • Network Protocols
  • Operating States
  • Operating Modes
  • Resource Manager Functions
  • Storage Types
  • Protection Mechanisms
  • Preventative, Detective and Corrective Security Techniques

Security Models, Architecture and Evaluation Criteria

  • Certification and Accreditation
  • Closed and Open Systems
  • Confinement, Bounds and Isolation
  • DAC and MAC
  • IETF Security Architecture (IPSec)
  • ITSEC Classes
  • Object's and Subject's
  • Perimeter and DMZ
  • Reference Monitor
  • Trusted Computing Base
  • Security Models
  • TCSEC

System Architecture Security Issues

  • Covert Channels
  • Overt Channels
  • Failure States
  • Initialization States
  • Input Parameter
  • Maintenance Hooks
  • TOC/TOU
  • Electro-magnetic Radiation
  • Standards and Criteria