Re: [Sheflug] Security modelling - not quite Linux

[Richard Ibbotson <richard@xxxxxxxxxxxxxx>]

David

> >> At the moment I develop and maintain external websites
> >> and content management systems on LAMP for a school and they
> >> want someone to do this plus internal web sites (on .NET). From
> >> fairly harmless data protection (sports results, news item etc)
> >> it'd now include online access for parents to school reports,
> >> billing and the like, and the grounds on which they say the new
> >> role is significantly different is that the security modelling
> >> is significantly different. Clearly the data is more sensitive,
> >> but does anyone have any advice about how much more complex the
> >> security considerations are? Is it something that you can do a
> >> course on and get up to speed, read a book and practice about,
> >> or does it sound like they have a valid point?

There are some good books about security modelling.  However, I can't 
find mine just now.   A few introductory concepts might be found by 
having a look through this....

http://en.wikipedia.org/wiki/X.509

Policy Based Networking by Dinesh C. Verma might be relevant....

http://www.amazon.co.uk/s/ref=nb_sb_noss?url=search-alias%3Daps&field-
keywords=Policy+Based+Networking+by+Dinesh+C.+Verma+&x=15&y=23

Looking through some of my notes I find that the following might be 
also be relevant.... Maximum Linux Security...

http://www.amazon.co.uk/Maximum-Linux-Security-Protecting-
Workstation/dp/0672321343/ref=sr_1_1?ie=UTF8&s=books&qid=1300375059&sr=8-1

The second one covers the dark area of online crime and fraud.  Not 
completely though.  The author doesn't want to be arrested ;)  Written 
by "anonymous".  Plenty of others out there but these might help for a 
start.

-- 
Richard
_______________________________________________
Sheffield Linux User's Group
http://sheflug.org.uk/mailman/listinfo/sheflug_sheflug.org.uk
FAQ at: http://www.sheflug.org.uk/mailfaq.html

GNU - The Choice of a Complete Generation