CIA: Core Security Principles
7/23/14
Core Security Principles
CIA (Confidentiality, Integrity, Availability) /_\ sometimes seen as a Triangle.
You can never have a perfect balance amongst the three, ever.
A change in any of the three, changes all of them.
Confidentiality
Prevent unauthorized disclosure
Only viewable by authorized users
Methods:
One method is to combine authentication with access controls
Authentication: Verifying the identity of an individual.
Passwords, ID, Biometrics, Security Badge, Digital Certificates, Tokens; Always something you have, something that you are, something you know.
Cryptography: Obscuring.
Integrity
Ensures the data is reliable, not messed with at all, original condition.
Only authorized users can modify the information
Methods:
File and Folder Permissions
Checksum: Small-sized datum computed form an arbitrary block of digital data for the purpose of detecting errors which may have been introduced during its transmission or storage.
The procedure which yields the checksum, given a data input is called a checksum function or checksum algorithm.
Hash types:
SHA-1
Secure Hash Algorithm
Broken, do not trust
MD5
Message Digest
Most Popular
Known Algorithm that becomes a hash
128-bit hash value, typically expressed in a text format as a 32 digit hexadecimal number.
HMAC
Hash-based Message Authentication Code
Specific construction for calculating a message authentication code involving a cryptographic hash function in a combination with a secret cryptographic key.
Availability
The data and information is available when needed by users.
Services are available when needed by users as well.
Methods:
Back up
Fault Tolerance: The ability to recover from a failure
RAID, Clusters, Site Redundancy DFS, Backup power, Cooling systems
Relations to Each Other
Asset Value
Threat (Risk)
Use
Inverted Relationship between Ease of Use, and Security.
The more Security = Less Ease of Use
The More Ease of Use = Less Security
Core Security Principles
CIA (Confidentiality, Integrity, Availability) /_\ sometimes seen as a Triangle.
You can never have a perfect balance amongst the three, ever.
A change in any of the three, changes all of them.
Confidentiality
Prevent unauthorized disclosure
Only viewable by authorized users
Methods:
One method is to combine authentication with access controls
Authentication: Verifying the identity of an individual.
Passwords, ID, Biometrics, Security Badge, Digital Certificates, Tokens; Always something you have, something that you are, something you know.
Cryptography: Obscuring.
Integrity
Ensures the data is reliable, not messed with at all, original condition.
Only authorized users can modify the information
Methods:
File and Folder Permissions
Checksum: Small-sized datum computed form an arbitrary block of digital data for the purpose of detecting errors which may have been introduced during its transmission or storage.
The procedure which yields the checksum, given a data input is called a checksum function or checksum algorithm.
Hash types:
SHA-1
Secure Hash Algorithm
Broken, do not trust
MD5
Message Digest
Most Popular
Known Algorithm that becomes a hash
128-bit hash value, typically expressed in a text format as a 32 digit hexadecimal number.
HMAC
Hash-based Message Authentication Code
Specific construction for calculating a message authentication code involving a cryptographic hash function in a combination with a secret cryptographic key.
Availability
The data and information is available when needed by users.
Services are available when needed by users as well.
Methods:
Back up
Fault Tolerance: The ability to recover from a failure
RAID, Clusters, Site Redundancy DFS, Backup power, Cooling systems
Relations to Each Other
Asset Value
Threat (Risk)
Use
Inverted Relationship between Ease of Use, and Security.
The more Security = Less Ease of Use
The More Ease of Use = Less Security