CIA Triad - Network Security - Part 2



Security revolves around the BIG words, which we call the CIA triad. Everyone talks about the CIA triad, and so do I.
At a high level, security is all about these three terms, called the Security Principles.

 

Integrity - Confidentiality - Availability
I will try to complete this topic as fast as I can; you can find any number of articles talking about this.


Balakishore

Confidentiality:
Information is not disclosed to unauthorized persons or entities.

One means of achieving confidentiality:
Data encryption is one means of achieving confidentiality, for example encrypting passwords.

Ways to violate confidentiality:
Malware, intruders, social engineering.

Integrity:
It can be data integrity or system integrity. It is the property that a system or its data is not modified by unauthorized users. It relates to origin trustworthiness, completeness, and correctness of information.

It includes:
Authenticity: The ability to verify that an unauthorized user did not modify the content.
Non-repudiation & Accountability: Any action on the system can be verified and associated with a user.

One means of achieving integrity:
Hashing is one mechanism: hash the data you receive and compare it with the hash of the original message.

Ways to violate integrity:
Stealing passwords, replay attacks.

Availability:
It is the property that the system is available to authorized users.

One means of achieving availability:
Fault-tolerant systems, redundant copies and backups.


Gaddam Balakishore


CIA | Risk | Control Mechanisms
Integrity | Loss of privacy. Identity theft, unauthorized access to information | Encryption, authentication, access control
Confidentiality | Information is no longer reliable. Identity theft, unauthorized access to information | 4-eyes, audit logs
Availability | Business disruption. Identity theft, unauthorized access to information | Backups


Types of Security Attacks - Network Security Tutorials - Part 1



This is part of the series of topics on network security.

I hope you will like it.

Security Attacks:

An action that compromises the security of information.

1. Passive Attacks
A passive attack intercepts the message and learns about or makes use of it, but does not affect system resources.
Passive attacks can be of:
1.       Release of message contents.
Any message or file transferred over the network is intercepted. This intercepted data can contain sensitive information.
2.       Traffic analysis.
If the data is masked/encrypted, the intruder may not be able to read it directly. The intruder can still read the pattern of the messages: identify the communicating hosts, and the length and frequency of the messages.


2. Active Attacks
This form of attack intercepts the message and modifies it or creates a false stream of messages.
Active attacks can be of:
1.       Masquerade.
One entity pretends to be a different entity. An authentication sequence can be captured and replayed after a valid authentication, and this information is then used to impersonate the user and gain illegal access.

Masquerading occurs when one person uses the identity of another to gain access to a computer. This may be done in person or remotely.


2.       Replay.
The attacker captures the data and retransmits it.

3.       Modification of messages.
Actual message: “allow xyz to read a file”,
Post modification: “allow gs to read a file”.
Here ‘xyz’ has been replaced by ‘gs’ by the middle man.

4.       Denial of Service.
There are two forms of denial of service.
First form: Suppressing all messages directed to a particular destination.
Second form: Disrupting the network, either by disabling it or by overloading it with messages to degrade the performance (bottleneck).

3. Insider Attack
It involves an insider who eavesdrops on, steals or damages information, and uses that stolen information for any purpose.

Example:
Credit card or cell phone holder information shared with an external person.

4. Close-in attack:
Social engineering is the best way to describe this kind of attack.
The attacker takes advantage of being physically close to the target devices.

Example:
Shoulder surfing is one such example: a person looks over someone's shoulder to get information such as a password or PIN.

5. Distribution attack:
Introduction of a Trojan horse or back-door program. This code gets distributed across the network to gain unauthorized access to information or to a system function, and disrupts the functionality of the system.


Good-to-know difference:
Difference between masquerade and replay attacks:

Masquerade is any attack wherein the attacker acts as if the attacker were some other user or entity in the system.
A replay attack is a plain attack, where the attacker intercepts the data and resends the same data.

In simple words, masquerade manipulates the request.
A replay attack just sends the intercepted request without manipulating it.
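
The hash comparison from the integrity section and the masquerade / replay / modification distinction above, as an added Python example (not code from the original post). It goes one step beyond the text by using a keyed hash (HMAC-SHA256) with a per-message nonce instead of a bare hash; the key, the nonce scheme and the Receiver class are assumptions made for illustration.

```python
import hashlib
import hmac
import os

KEY = b"constructed-demo-key"  # assumption: secret shared by sender and receiver


def plain_hash_matches(received: bytes, original_digest: str) -> bool:
    """The check from the integrity section: hash what arrived, compare digests."""
    return hashlib.sha256(received).hexdigest() == original_digest


def sign(message: bytes, nonce: bytes, key: bytes = KEY) -> bytes:
    """Keyed hash (HMAC-SHA256) over a fixed-length nonce plus the message."""
    return hmac.new(key, nonce + message, hashlib.sha256).digest()


class Receiver:
    """Hypothetical receiver that verifies the tag and remembers used nonces."""

    def __init__(self) -> None:
        self.seen_nonces: set[bytes] = set()

    def accept(self, message: bytes, nonce: bytes, tag: bytes) -> str:
        if not hmac.compare_digest(sign(message, nonce), tag):
            return "rejected: tag mismatch"  # modified, or sender lacks the key
        if nonce in self.seen_nonces:
            return "rejected: replay"        # authentic, but already delivered
        self.seen_nonces.add(nonce)
        return "accepted"


def demo() -> dict:
    original = b"allow xyz to read a file"   # message used in the text
    tampered = b"allow gs to read a file"    # middle man's version from the text
    digest = hashlib.sha256(original).hexdigest()
    nonce, fake_nonce = os.urandom(16), os.urandom(16)
    tag = sign(original, nonce)
    forged = sign(original, fake_nonce, b"attacker-guess")  # no access to KEY
    rx = Receiver()
    return {
        "plain_hash_modified": plain_hash_matches(tampered, digest),
        "plain_hash_replayed": plain_hash_matches(original, digest),
        "genuine": rx.accept(original, nonce, tag),
        "modified": rx.accept(tampered, nonce, tag),
        "masquerade": rx.accept(original, fake_nonce, forged),
        "replayed": rx.accept(original, nonce, tag),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The plain hash comparison flags the modified message but passes the replayed one, because a replay changes nothing in the data; only the nonce check on the receiver catches it.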