The link does not really go to sybex, however, and instead goes to a rogue server intended to collect usernames and passwords. What type of attack is this? Phishing What is the term used when a hole is found in a web browser or other software and miscreants begin exploiting it the very day it is discovered by the developer bypassing the 1—2 day response time many software providers need to put out a patch once the hole has been found? Zero day exploit When the user enters values that query XML known as XPath with values that take advantage of exploits, it is known as: XML injection attack What feature included with some versions of Windows 7 offer full disk encryption that can encrypt an entire volume with bit encryption? BitLocker In the most basic form of authentication only one set of values is checked. What is this known as?
|Published (Last):||11 August 2015|
|PDF File Size:||7.55 Mb|
|ePub File Size:||14.14 Mb|
|Price:||Free* [*Free Regsitration Required]|
This chapter will present many of these core principles as an introduction. The second part of the chapter will cover authentication—how systems and users provide credentials to a system to verify their identity— including authentication used in remote access systems. Exploring Core Security Principles Security starts with several core principles that are integrated throughout an organization. These principles drive many security-related decisions at multiple levels.
Understanding these basic concepts helps to give you a solid foundation in security. Confidentiality, integrity, and availability together form the security triad.
Each element is important to address in any security program. Additionally, several other core security principles, such as non-repudiation, defense in depth, and implicit deny, are addressed in any well-designed security program. Confidentiality Confidentiality helps prevent the unauthorized disclosure of data. It uses multiple methods, such as authentication combined with access controls, and cryptography. Authentication is presented later in this chapter, and access controls are covered in chapter 2.
Cryptography provides confidentiality by encrypting data. Many different encryption algorithms are available to provide confidentiality. Two of the key concepts related to confidentiality are: Confidentiality ensures that data is only viewable by authorized users.
Unauthorized personnel are unable to access the information. Encryption also enforces confidentiality. You can use various encryption algorithms to encrypt or cipher the data to make it unreadable. If the encrypted data falls into the wrong hands, the unintended recipient will not be able to read it.
Many elements of security help to enforce confidentiality beyond encryption. These include elements such as authentication, access control methods, physical security, and permissions that combine to ensure only authorized personnel can access the data. This book presents all of these methods. Integrity Integrity provides assurances that data has not been modified, tampered with, or corrupted.
Ideally, only authorized users modify data. However, there are times when unauthorized or unintended changes occur. This can be from unauthorized users, or through system or human errors. When this occurs, the data has lost integrity. You can use hashing techniques to enforce integrity. Briefly, a hash is simply a number created by executing a hashing algorithm against data such as a file or message.
As long as the data never changes, the resulting hash will always be the same. By comparing hashes created at two different times, you can determine if the original data is still the same. If the hashes are the same, the data is the same. If the hashes are different, the data has changed. For example, a simplistic hash of a message could be The hash is created at the source and sent with the message. When the message is received, the received message is hashed. If the hash of the received message is the same as the hash of the sent message , data integrity is maintained.
However, if the hash of the received message is , then you know that the message is not the same. Data integrity has been lost. Hashes can be applied to messages such as e-mail, or any other type of data files. Some e-mail programs use a message authentication code MAC instead of a hash to verify integrity, but the underlying concept works the same way.
Hashing techniques are also used to verify that integrity is maintained when files are downloaded or transferred. Some programs can automatically check hashes and determine if a file loses even a single bit during the download process. The program performing the download will detect it by comparing the source hash with the destination hash. If a program detects that the hashes are different, it knows that integrity has been lost and reports the problem to the user.
In other instances, a website administrator can calculate and post the hash of a file on the website. Users can manually calculate the hash of the file after downloading it and compare the calculated hash with the posted hash. For example, the md5sum. If a virus infected a file on a file server, the hash on the infected file would be different from the hash on the original file and the hash posted on the website. For example, if a database administrator needs to modify a significant amount of data in a database, the administrator can write a script to perform a bulk update.
However, if the script is faulty, it can corrupt the database, resulting in a loss of integrity. Two key concepts related to integrity are as follows: Integrity provides assurances that data has not modified, tampered with, or corrupted.
Loss of integrity indicates the data is different. Unauthorized users can change data, or the changes can occur through system or human errors. Hashing verifies integrity. A hash is simply a numeric value created by executing a hashing algorithm against a message or file. Hashes are created at the source and destination or at two different times such as on the first and fifteenth of the month.
If the hashes are the same, integrity is maintained. If the two hashes are different, data integrity has been lost. Availability Availability indicates that data and services are available when needed. For some companies, this simply means that the data and services must be available between 8 a.
For other companies, this means they must be available twenty-four hours a day, seven days a week, days a year. Chapter 9 covers many fault tolerance and redundancy techniques in more depth. A common goal of fault tolerance and redundancy techniques is to remove single points of failure SPOF. If an SPOF fails, the entire system can fail. For example, if a server has a single drive, the drive is an SPOF since its failure takes down the server.
From a broad perspective, availability includes: Disk redundancies. Server redundancies. Failover clusters can be implemented that will allow a service to continue to be provided even if a server fails.
In a failover cluster, the service switches from the failed server in a cluster to an operational server in the same cluster. Virtualization covered in chapter 5 can also increase availability of servers by reducing unplanned downtime.
Site redundancies. If a site can no longer function due to a disaster, such as a fire, flood, hurricane, or earthquake, the site can move functionality to an alternate site. If important data is backed up, it can be restored when it is lost. Data can be lost due to corruption, deletion, application errors, human error, and even hungry gremlins that can randomly eat your data.
If data backups do not exist, then when it is lost, it will be lost forever. Alternate power. Uninterruptible power supplies UPSs and power generators can provide power to key systems even if commercial power fails. Cooling systems. Heating, ventilation, and air-conditioning HVAC systems improve the availability of systems by reducing outages from overheating. However, an organization may choose to prioritize the importance of one or two of these based on the goals of the organization, or the goals of a specific system.
One way of prioritizing these is with simple values such as low, medium, and high. For example, if a system holds proprietary secrets, confidentiality is of primary importance and the value of confidentiality is high. If the information is shared anonymously with the public, the importance of confidentiality is low. Medium indicates the confidentiality of the data has some importance to the organization. As an example, imagine that you decided to host an online forum for users to share information about IT security-related concepts.
Users can read data anonymously and post data after logging in. In this example, the importance of confidentiality is low, since anyone can read the data anonymously. The importance of integrity and availability is medium. On the other hand, imagine an online gaming site that holds accounts for hundreds of thousands of users, including their credit card data.
If confidentiality of data is lost, customers will lose confidence in the company and may even sue. If the system data is not available when users want to play, users may not return.
In this example, the importance of confidentiality, availability, and integrity is equally high for all three. While this costs more to ensure, a data breach may result in higher losses for the online site in the end. If you understand the concepts of confidentiality, integrity, and availability, and you understand the goals of a system, you should be able to match the concepts with the needs.
In commerce, non-repudiation is commonly used with credit cards. My signature can be used to repudiate me if I deny making the purchase. In other words, my signature is used for non-repudiation. Some common examples of non-repudiation within computer systems are: Using digital signatures to verify someone sent a message. Chapter 10 will cover how digital signatures work in detail, but, as an introduction, digital signatures provide authentication, integrity, and non-repudiation.
Comptia Study Guide Security+ 301