Philosophy of Security
The only truly secure system is one that is powered off, cast in a block of concrete, and sealed in a lead-lined room with armed guards — and even then I have my doubts.
— Eugene H. Spafford
Security starts with three main protections (AIC or CIA principles):
- Availability
- Integrity
- Confidentiality
Availability
Availability means that data is available for storage, acceptance, or protection. It also means that data remains available in the face of virus attacks.
If the network or its data is not available to authorized users (for reasons such as denial-of-service (DoS) attacks or routine network crashes), it can cause serious problems for the organization and for users who rely on the network as a tool. System failure, including failure of data, applications, devices, and networks, typically reduces an organization’s revenue.
These three concepts must be provided when securing hardware, software, or communications. Another common term in computer security is AAA, which means:
Authentication is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicating a person or thing’s identity, authentication is the process of verifying that identity.
Authorization is the function of specifying access rights/privileges to resources, which is related to general information security and computer security and to access control in particular.
Accounting is the tracking of data, computer use, and network resources. It often means logging, auditing, and monitoring data and resources.
Integrity
Integrity means that the data is not manipulated. Validation is necessary before data is changed in any way, so that it stays intact. For example, if someone tries to delete required files, whether intentionally or accidentally, the integrity of those files is compromised.
Users usually affect a system or its data’s integrity by mistake (although internal users may also commit malicious deeds). For example, users with a full hard drive may unwittingly delete configuration files under the mistaken assumption that deleting a file must be okay because they don’t remember ever using it. Or a user may insert incorrect values into a data-processing application that ends up charging a customer $3,000 instead of $300. Incorrectly modifying data kept in databases is another common way users may accidentally corrupt data — a mistake that can have lasting effects.
Security should streamline users’ capabilities and give them only certain choices and functionality, so errors become less common and less devastating. System-critical files should be restricted from viewing and access by users. Applications should provide mechanisms that check for valid and reasonable input values. Databases should let only authorized individuals modify data, and data in transit should be protected by encryption or other mechanisms.
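The $3,000-instead-of-$300 mistake described above is the kind of error a validity and reasonableness check can stop. The following Python code is an added example, not part of the original article; the charge ceiling, the cross-check against a stored invoice total, and all names in it are assumptions chosen for illustration.

```python
import re
from decimal import Decimal

# Hypothetical policy values, assumed for this example only.
MAX_SINGLE_CHARGE = Decimal("10000.00")
# ASCII digits only: 1-7 integer digits, optional 1-2 decimal places.
AMOUNT_RE = re.compile(r"[0-9]{1,7}(\.[0-9]{1,2})?")


class ChargeRejected(ValueError):
    """An entered amount failed a validity or reasonableness check."""


def validate_charge(raw_amount, invoice_total: Decimal) -> Decimal:
    """Return the amount to charge, or raise ChargeRejected with the reason."""
    # Validity: allowlist the format before parsing. Decimal() alone would
    # also accept "3e2", "NaN", "1_000" and non-ASCII digits.
    if not isinstance(raw_amount, str) or not AMOUNT_RE.fullmatch(raw_amount):
        raise ChargeRejected("malformed amount")
    amount = Decimal(raw_amount).quantize(Decimal("0.01"))
    if amount <= 0:
        raise ChargeRejected("amount must be positive")
    # Reasonableness: hard ceiling first, then cross-check the stored invoice.
    if amount > MAX_SINGLE_CHARGE:
        raise ChargeRejected("exceeds single-charge limit")
    if amount != invoice_total:
        raise ChargeRejected(
            f"entered {amount} but invoice total is {invoice_total}")
    return amount


def check(raw_amount, invoice_total: str) -> str:
    """Return 'ok' or the rejection reason for one operator entry."""
    try:
        validate_charge(raw_amount, Decimal(invoice_total))
        return "ok"
    except ChargeRejected as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed sample entries: (operator input, invoice total on record).
    samples = [("300.00", "300.00"), ("3000", "300.00"), ("3e2", "300.00"),
               ("-300", "300.00"), ("0.00", "300.00"), ("99999.99", "300.00")]
    for raw, total in samples:
        print(f"{raw!r:>10} vs {total}: {check(raw, total)}")
```

Rejecting the entry rather than silently correcting it keeps the decision with a person who can compare it to the invoice.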
Confidentiality
Confidentiality means that only authorized individuals and devices can view sensitive or classified information, and others have no access to this data. The main way to protect data in transit is to encrypt it before sending it. Another option you can use in addition to encryption is to use a separate network to send confidential information.
Attackers can thwart confidentiality mechanisms by network monitoring, shoulder surfing, stealing password files, breaking encryption schemes, and social engineering.
Confidentiality can be provided by encrypting data as it is stored and transmitted, by enforcing strict access control and data classification, and by training personnel on the proper data protection procedures.