Introduction To Basic Security Fundamentals

Posted By : Rudhishthir Prakash | 28-May-2018

1. Understanding Security Layers

(a). Core Security Principles:
Core Security Principles include CIA - Confidentiality, Integrity, and Availability.
i. Confidentiality - It deals with keeping information, networks, and systems secure from unauthorized access. This can be achieved by using encryption, authentication and access control.
ii. Integrity - It is defined as the consistency, accuracy, and validity of data or information. This can be achieved by using hashing.
iii. Availability - It describes a resource being accessible to a user, application or computer system when required.

Other principles include:

iv. Least Privilege - Users, systems and applications should have no more privilege than necessary to perform their function or job.
v. Attack Surface - The set of methods or avenues an attacker can use to enter a system and potentially cause damage.
vi. Social Engineering - This can be used to gain access to data, networks or systems, mostly through misrepresentation.

(b). Risk Management:
i. Avoidance
ii. Acceptance
iii. Mitigation
iv. Transfer

2. Authentication, Authorization, and Accounting:

A user is authenticated based on username and password. Once authenticated, the user can access network resources according to their authorization.

A user can authenticate using one or more of the following methods:
i. Using a password or Personal Identity Number (PIN).
ii. Using a passport, ID card or smart card.
iii. By use of biometric factors like fingerprints, retina scans, etc.

The most common method of authentication with computers and networks is the password.


RADIUS (Remote Authentication Dial In User Service) and TACACS+ (Terminal Access Controller Access-Control System Plus) are protocols used for authentication, authorization and accounting management for computers connecting to a network service. Their remotely residing server responds to queries from the clients. After receiving a request, the server authenticates the combination of username and password (authentication), determines whether the user is allowed to connect to the client (authorization), and then logs the connection (auditing).

Auditing allows you to track everyone who has logged in and what they accessed or tried to access.
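The three steps the server performs, as an added example that is not code from the original post. It models only the server-side decision, not the RADIUS or TACACS+ wire format; the user, password, client names and policy table are constructed for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

def _kdf(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so the server never stores the plaintext password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data (assumptions, not from the article).
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _kdf("correct horse", _SALT))}
POLICY = {"alice": {"vpn-gateway"}}  # user -> clients the user may connect to
ACCOUNTING_LOG = []                  # one record per request, accepted or not

def handle_request(username: str, password: str, client: str) -> str:
    # 1. Authentication: verify the username/password combination.
    #    Unknown users still go through the KDF so timing does not reveal
    #    which usernames exist.
    salt, stored = USERS.get(username, (b"\x00" * 16, b""))
    authenticated = hmac.compare_digest(_kdf(password, salt), stored)

    # 2. Authorization: only an authenticated user is checked against policy.
    if not authenticated:
        result = "reject:bad-credentials"
    elif client not in POLICY.get(username, set()):
        result = "reject:not-authorized"
    else:
        result = "accept"

    # 3. Accounting/auditing: record who tried to reach what, and the outcome.
    #    The password is never written to the log.
    ACCOUNTING_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": username,
        "client": client,
        "result": result,
    })
    return result

if __name__ == "__main__":
    handle_request("alice", "correct horse", "vpn-gateway")
    handle_request("alice", "wrong guess", "vpn-gateway")
    handle_request("alice", "correct horse", "core-switch")
    for record in ACCOUNTING_LOG:
        print(record)
```

Rejected requests are logged as well as accepted ones, which is what lets an auditor see what a user tried to access and not only what they reached.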

About Author

Rudhishthir Prakash

Rudhishthir is a technical enthusiast having experience in C#.NET, NodeJS & various front-end technologies. He has great experience in building quality applications with innovative ideas. He also has proven expertise in handling clients.
