Uploaded by aminaashraf1101


Basic Security Concepts

1. Security Objectives (CIA Triad)

The CIA Triad ensures the security of information systems and data. It consists of
Confidentiality, Integrity, and Availability:

a) Confidentiality

- Definition: Ensures that information is accessible only to those who are authorized to access it, and protects sensitive data from unauthorized disclosure.
- Techniques to Ensure Confidentiality:
  1. Encryption: Converts plaintext into unreadable ciphertext using algorithms and keys.
     - Symmetric Encryption: Uses a single key for both encryption and decryption. Example: AES (Advanced Encryption Standard).
     - Asymmetric Encryption: Uses a public key for encryption and a private key for decryption. Example: RSA (Rivest-Shamir-Adleman).
  2. Access Control Mechanisms: Restrict access to sensitive information based on roles or policies.
     - Example: A payroll database accessible only to HR personnel.
     - Multi-factor authentication (MFA) enhances access security.
- Real-World Example: Online banking uses HTTPS, which encrypts the data exchanged between users and the bank servers to ensure confidentiality.
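The access-control mechanism above (a payroll database readable only by HR, with MFA as an extra gate) can be expressed as a small policy check. The following is an added example written for this page, not code from the original document; the policy table, resource names and roles are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed policy table (hypothetical): for each resource, the roles that may
# read it and whether a second authentication factor must have been verified.
POLICY = {
    "payroll_db":   {"roles": {"hr"},                       "mfa_required": True},
    "wiki":         {"roles": {"hr", "engineer", "intern"}, "mfa_required": False},
    "prod_secrets": {"roles": {"sre"},                      "mfa_required": True},
}


@dataclass(frozen=True)
class Session:
    """What the application knows about an authenticated caller."""
    user: str
    roles: frozenset
    mfa_verified: bool = False


def can_access(session: Session, resource: str) -> tuple:
    """Return (allowed, reason).

    Default deny: an unknown resource, a caller with none of the permitted
    roles, or a missing MFA step all produce a refusal, and the reason string
    is what an audit log should record.
    """
    rule = POLICY.get(resource)
    if rule is None:
        return False, "unknown resource"
    if not (session.roles & rule["roles"]):
        return False, "role not authorized"
    if rule["mfa_required"] and not session.mfa_verified:
        return False, "mfa required"
    return True, "ok"


if __name__ == "__main__":
    hr_with_mfa = Session("alice", frozenset({"hr"}), mfa_verified=True)
    hr_no_mfa = Session("alice", frozenset({"hr"}))
    engineer = Session("bob", frozenset({"engineer"}), mfa_verified=True)
    for who, resource in [(hr_with_mfa, "payroll_db"), (hr_no_mfa, "payroll_db"),
                          (engineer, "payroll_db"), (engineer, "wiki")]:
        allowed, reason = can_access(who, resource)
        print(f"{who.user:6} -> {resource:12} {'ALLOW' if allowed else 'DENY ':5} ({reason})")
```

The important design choice is the default: anything the policy does not explicitly permit is refused, so adding a new resource without a rule cannot accidentally expose it. Returning a reason alongside the decision gives the audit log (see Integrity below) something useful to record.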

b) Integrity

- Definition: Ensures that information is accurate and unaltered unless explicitly authorized. Prevents unauthorized modifications to data during storage or transmission.
- Key Concepts:
  1. Checksums and Hashing:
     - Hashing algorithms (e.g., MD5, SHA-256) generate a fixed-length digest (fingerprint) of data. Even minor changes to the data will produce a different hash value.
     - Example: Verifying file integrity when downloading software.
  2. Digital Signatures:
     - Provide integrity and authenticity by verifying that the sender is genuine.
     - Example: Signed emails to ensure the content is not altered.
  3. Audit Logs:
     - Record system changes, ensuring that any unauthorized alterations are traceable.
- Real-World Example: Financial transactions rely on data integrity to prevent fraudulent activity. For instance, blockchain technology ensures transaction immutability.
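The download-verification example above, worked through in code. This is an added example, not part of the original document: the "installer" bytes, the published digest and the shared key are all constructed here. It shows a plain SHA-256 check (integrity only) next to an HMAC check (integrity plus proof that a key holder produced the tag), using only the Python standard library.

```python
import hashlib
import hmac

# Constructed stand-in for a downloaded installer and for the SHA-256 digest the
# publisher advertises beside the download link.
ORIGINAL = b"#!/bin/sh\necho 'installing example-tool 1.0'\n"
PUBLISHED_SHA256 = hashlib.sha256(ORIGINAL).hexdigest()

# Constructed shared secret for the keyed variant (in practice loaded from a secret store).
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def sha256_hex(data: bytes) -> str:
    """Unkeyed digest: anyone can recompute it, so it only proves the bytes are unchanged."""
    return hashlib.sha256(data).hexdigest()


def verify_download(data: bytes, expected_hex: str) -> bool:
    """True if the data matches the advertised digest.

    compare_digest runs in constant time, so the comparison does not leak how
    many leading characters of the digest matched.
    """
    return hmac.compare_digest(sha256_hex(data), expected_hex.strip().lower())


def hmac_tag(data: bytes, key: bytes) -> str:
    """Keyed digest (HMAC-SHA256): only a holder of the key can produce a valid
    tag, so a match also tells the verifier the data came from a key holder."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(data: bytes, key: bytes, expected_tag: str) -> bool:
    return hmac.compare_digest(hmac_tag(data, key), expected_tag)


if __name__ == "__main__":
    tampered = ORIGINAL.replace(b"1.0", b"1.1")      # one-character change
    print("original :", sha256_hex(ORIGINAL))
    print("tampered :", sha256_hex(tampered))
    print("download ok?", verify_download(ORIGINAL, PUBLISHED_SHA256))
    print("tampered ok?", verify_download(tampered, PUBLISHED_SHA256))
    t = hmac_tag(ORIGINAL, SHARED_KEY)
    print("hmac ok with right key?", verify_tag(ORIGINAL, SHARED_KEY, t))
    print("hmac ok with wrong key?", verify_tag(ORIGINAL, b"other-key", t))
```

Two practical caveats: a bare digest only protects integrity if the expected value reaches you over a channel the attacker cannot also alter (someone who can swap the file can usually swap a digest sitting next to it, which is why signed releases or a keyed tag are preferred), and MD5, although listed as an example above, is no longer collision-resistant, so new designs should use SHA-256 or stronger.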

c) Availability

- Definition: Ensures that systems, applications, and data are accessible to authorized users when needed, without unnecessary delays.
- Key Techniques:
  1. Fault Tolerance: Redundant systems or hardware minimize downtime during failures.
     - Example: RAID configurations for data storage.
  2. Disaster Recovery Plans: Protocols to restore services after disasters, like server crashes or natural calamities.
  3. DDoS Mitigation: Tools like Cloudflare prevent Distributed Denial of Service (DDoS) attacks from overwhelming systems.
- Real-World Example: Cloud service providers like AWS and Azure implement redundancy to ensure 99.99% uptime.
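One building block of the DDoS mitigation mentioned above is per-client rate limiting, so that a flood from one source is rejected cheaply before it consumes the capacity other users need. The token-bucket limiter below is an added example written for this page (not the original document's code, and not how any particular vendor implements it); the request stream and client addresses are constructed.

```python
from dataclasses import dataclass


@dataclass
class Bucket:
    tokens: float      # currently available request credits
    last: float        # timestamp (seconds) of the last refill calculation


class RateLimiter:
    """Per-client token bucket.

    Each client may burst up to `capacity` requests, then is held to
    `refill_per_sec` sustained requests per second. Requests beyond that are
    rejected cheaply instead of consuming application capacity.
    """

    def __init__(self, capacity: int = 5, refill_per_sec: float = 1.0):
        self.capacity = float(capacity)
        self.refill_per_sec = refill_per_sec
        self.buckets = {}

    def allow(self, client: str, now: float) -> bool:
        bucket = self.buckets.get(client)
        if bucket is None:
            bucket = Bucket(tokens=self.capacity, last=now)
            self.buckets[client] = bucket
        # Credit tokens for the time elapsed since the last call, capped at capacity.
        elapsed = max(0.0, now - bucket.last)
        bucket.tokens = min(self.capacity, bucket.tokens + elapsed * self.refill_per_sec)
        bucket.last = now
        if bucket.tokens >= 1.0:
            bucket.tokens -= 1.0
            return True
        return False


# Constructed request stream: (timestamp in seconds, client address).
# 198.51.100.7 fires 8 requests in 0.7 s; 203.0.113.5 makes two requests 5 s apart.
REQUESTS = [(round(i * 0.1, 1), "198.51.100.7") for i in range(8)] + [
    (0.0, "203.0.113.5"),
    (5.0, "203.0.113.5"),
]


def run(requests, limiter: RateLimiter) -> dict:
    """Replay requests in time order; return {client: (allowed, rejected)}."""
    outcome = {}
    for now, client in sorted(requests):
        allowed, rejected = outcome.get(client, (0, 0))
        if limiter.allow(client, now):
            outcome[client] = (allowed + 1, rejected)
        else:
            outcome[client] = (allowed, rejected + 1)
    return outcome


if __name__ == "__main__":
    for client, (ok, dropped) in run(REQUESTS, RateLimiter(capacity=5, refill_per_sec=1.0)).items():
        print(f"{client:14} allowed={ok} rejected={dropped}")
```

With a capacity of 5 and a refill of one token per second, the flooding client gets its first five requests through and the remaining three rejected, while the well-behaved client is never affected. In a real deployment the buckets live in the edge proxy or a shared store so every front-end node sees the same counts.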

2. Threats

Threats are potential causes of harm to an organization's systems, data, or operations. They can
be categorized into various types:

a) Types of Threats

1. External Threats:
   - Cybercriminals, hackers, or malware originating from outside the organization.
   - Examples:
     - Phishing emails trick users into revealing credentials.
     - Ransomware encrypts data, demanding payment for decryption.
2. Internal Threats:
   - Actions by employees or insiders, either intentional or unintentional.
   - Examples:
     - A disgruntled employee deleting critical files.
     - Accidental sharing of sensitive information by an employee.
3. Advanced Persistent Threats (APTs):
   - Long-term, targeted attacks by sophisticated actors (often state-sponsored).
   - Example: Nation-state hackers stealing trade secrets from a corporation over months.

b) Threat Actors

1. Hackers:
   - Motivated by personal, financial, or political gains.
     - Black Hat Hackers: Engage in malicious activities.
     - White Hat Hackers: Ethical hackers who test and improve security.
2. Script Kiddies:
   - Amateur hackers using pre-written tools to exploit systems without deep knowledge.

3. Vulnerabilities

A vulnerability is a weakness in a system, process, or technology that can be exploited by a
threat to compromise security.

a) Categories of Vulnerabilities

1. Software Vulnerabilities:
   - Bugs or outdated software versions.
   - Example: The EternalBlue exploit took advantage of unpatched Windows systems.
2. Hardware Vulnerabilities:
   - Flaws in physical components.
   - Example: Meltdown and Spectre exploited CPU design flaws to leak data.
3. Human Vulnerabilities:
   - Social engineering exploits human psychology.
   - Example: A phishing attack where an employee unknowingly downloads malware.

4. Attacks

Cyberattacks exploit vulnerabilities to compromise security.

a) Common Types of Attacks

1. Phishing:
   - Fraudulent emails trick users into sharing sensitive data.
   - Example: Fake PayPal login pages.
2. Malware:
   - Malicious software like viruses, worms, or ransomware disrupts systems.
   - Example: WannaCry ransomware attack.
3. SQL Injection:
   - Attackers manipulate SQL queries to access databases.
   - Example: Extracting customer records from an unprotected e-commerce platform.
4. Man-in-the-Middle (MitM):
   - Attackers intercept communication between two parties.
   - Example: Eavesdropping on unencrypted Wi-Fi connections.
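The SQL injection entry above is easiest to understand by placing the vulnerable query next to its fix. This is an added example for this page, not code from the original document; the customer table and its rows are constructed, and the in-memory SQLite database stands in for the e-commerce platform's real one.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory customer table (sample data, not a real dataset)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, plan TEXT)")
    conn.executemany(
        "INSERT INTO customers (email, plan) VALUES (?, ?)",
        [("alice@example.com", "gold"), ("bob@example.com", "free"), ("carol@example.com", "gold")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    # VULNERABLE: the caller's input is spliced into the SQL text, so quote
    # characters in the input change the structure of the query itself.
    query = f"SELECT email, plan FROM customers WHERE email = '{email}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, email: str) -> list:
    # FIXED: the query shape is fixed at write time and the value travels as a
    # bound parameter, so whatever the input contains, it is compared as data.
    return conn.execute("SELECT email, plan FROM customers WHERE email = ?", (email,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    normal = "alice@example.com"
    crafted = "x' OR '1'='1"          # a tautology: makes the WHERE clause always true
    print("vulnerable, normal :", lookup_vulnerable(conn, normal))
    print("vulnerable, crafted:", lookup_vulnerable(conn, crafted))   # every row leaks
    print("safe, normal       :", lookup_safe(conn, normal))
    print("safe, crafted      :", lookup_safe(conn, crafted))         # no such email: []
```

The fix is not input filtering but parameterised queries: the database receives the query text and the value separately, so the value can never be parsed as SQL. Code review and static analysis should flag any query built with string formatting or concatenation.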

5. Risk

Risk is the likelihood of a threat exploiting a vulnerability, resulting in a negative impact.

Risk Management Framework

1. Risk Identification:
   - Catalog potential threats and vulnerabilities.
2. Risk Assessment:
   - Evaluate the probability and impact of risks.
   - Example: A bank assessing the risk of customer data breaches.
3. Risk Mitigation:
   - Strategies include patching vulnerabilities, using firewalls, and employee training.
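The three framework steps above, carried through for the bank example: a register is identified, each entry is scored as likelihood multiplied by impact, and the mitigation step records the control and the residual likelihood it leaves behind. This is an added example, not part of the original document; the qualitative scale, rating bands and register entries are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Qualitative scale used by the assessment step (constructed; organisations pick their own).
LEVEL = {"low": 1, "medium": 2, "high": 3}


@dataclass
class Risk:
    name: str
    likelihood: str                             # chance the threat exploits the vulnerability
    impact: str                                 # harm if it does
    mitigation: str = ""                        # control chosen in the mitigation step
    residual_likelihood: Optional[str] = None   # likelihood once the control is in place


def score(likelihood: str, impact: str) -> int:
    """Risk = likelihood x impact on the 1..3 scale (so 1..9)."""
    return LEVEL[likelihood] * LEVEL[impact]


def rating(value: int) -> str:
    """Map a 1..9 score to a rating band."""
    if value >= 6:
        return "high"
    if value >= 3:
        return "medium"
    return "low"


def assess(register: list) -> list:
    """Return each risk with inherent and residual score/rating, highest inherent first."""
    rows = []
    for r in register:
        inherent = score(r.likelihood, r.impact)
        residual = score(r.residual_likelihood or r.likelihood, r.impact)
        rows.append({
            "name": r.name,
            "inherent": inherent, "inherent_rating": rating(inherent),
            "mitigation": r.mitigation,
            "residual": residual, "residual_rating": rating(residual),
        })
    return sorted(rows, key=lambda row: row["inherent"], reverse=True)


# Constructed register for a hypothetical bank.
REGISTER = [
    Risk("Customer data breach via unpatched web server", "high", "high",
         mitigation="patch management + WAF", residual_likelihood="low"),
    Risk("Phishing leads to staff credential theft", "high", "medium",
         mitigation="MFA + awareness training", residual_likelihood="medium"),
    Risk("Branch printer outage", "medium", "low"),
]


if __name__ == "__main__":
    for row in assess(REGISTER):
        print(f"{row['name'][:45]:45} inherent={row['inherent']} ({row['inherent_rating']})"
              f" residual={row['residual']} ({row['residual_rating']})")
```

Sorting by inherent score is what turns a catalogue into a prioritised work list; the residual column is the check that the chosen mitigation actually moves a risk out of the band management cares about, rather than merely being listed.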

6. Countermeasures

Countermeasures aim to prevent, detect, or mitigate threats.

Key Countermeasures

1. Preventive: Firewalls, encryption, strong authentication.
2. Detective: Intrusion Detection Systems (IDS), security monitoring tools.
3. Corrective: Incident response plans, backups.
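A detective countermeasure in miniature: the kind of rule an IDS or log-monitoring tool runs, here counting failed SSH logins per source address in a sliding window and raising one alert per source when a threshold is crossed. This is an added example written for this page, not code from the original document or from any particular IDS product; the log lines are constructed in the style of OpenSSH messages.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed auth-log excerpt in the style of OpenSSH messages (sample data).
LOG_LINES = [
    "2024-05-01T10:00:01 sshd[1201]: Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2",
    "2024-05-01T10:00:03 sshd[1202]: Failed password for invalid user admin from 203.0.113.9 port 51023 ssh2",
    "2024-05-01T10:00:04 sshd[1203]: Failed password for deploy from 198.51.100.4 port 40211 ssh2",
    "2024-05-01T10:00:05 sshd[1204]: Failed password for root from 203.0.113.9 port 51024 ssh2",
    "2024-05-01T10:00:06 sshd[1205]: Accepted publickey for deploy from 198.51.100.4 port 40212 ssh2",
    "2024-05-01T10:00:08 sshd[1206]: Failed password for root from 203.0.113.9 port 51025 ssh2",
    "2024-05-01T10:00:12 sshd[1207]: Failed password for invalid user test from 203.0.113.9 port 51026 ssh2",
    "2024-05-01T10:03:30 sshd[1208]: Failed password for deploy from 198.51.100.4 port 40213 ssh2",
]

FAILED = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def detect_bruteforce(lines, threshold: int = 5, window_seconds: int = 60) -> list:
    """Return [(ip, timestamp)] for each source that reaches `threshold` failed
    logins inside a sliding window of `window_seconds`. One alert per source."""
    recent = defaultdict(deque)     # ip -> timestamps of failures still inside the window
    alerts = []
    alerted = set()
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue                # successes and unrelated lines are not counted
        ts = datetime.fromisoformat(m["ts"])
        ip = m["ip"]
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > timedelta(seconds=window_seconds):
            window.popleft()        # drop failures that aged out of the window
        if len(window) >= threshold and ip not in alerted:
            alerted.add(ip)
            alerts.append((ip, m["ts"]))
    return alerts


if __name__ == "__main__":
    for ip, when in detect_bruteforce(LOG_LINES):
        print(f"ALERT {when}: {ip} reached the failed-login threshold")
```

On the sample data the source with five failures in eleven seconds is reported once, while the legitimate user with two widely spaced failures is not. Threshold and window are the tuning knobs: too low and operators drown in alerts, too high and a slow, patient attempt goes unnoticed, so they are usually paired with a corrective action such as temporarily blocking the source.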
