Terms in Security

Security Terms 

CIA triad 

CIA triad is the core aspect when designing security policy.

  • Confidentiality 
    • Measurement to prevent sensitive information from unauthorized access attempts. 
  • Integrity
    • Maintaining the consistency, accuracy and trustworthiness of data over its entire life cycle. 
    • Data must not be changed in transit, and steps must be taken to ensure data cannot be altered by unauthorized people. 
  • Availability 
    • Information should be consistently and readily accessible for authorized parties.

Basic terms used in security 

  • Risk 
    • The possibility of suffering a loss in the event of an attack on the system 
  • Vulnerability
    • Flaw in a system that could be exploited to compromise the system 
    • 0-day vulnerability is a vulnerability that is not known to the software developer or vendor, but is known to an attacker
  • Exploit 
    • Software that is used to take advantage of a security bug or vulnerability
  • Threat
    • The possibility of danger that could exploit a vulnerability 
  • Hacker
    • Someone who attempts to break into or exploit a system 
    • Black and White hackers 
  • Attack 
    • An actual attempt at causing harm to a system
  • Malware 
    • Type of malicious software that can be used to obtain your sensitive information, or delete or modify files 

REFERENCE 

Comments

Post a Comment

Popular posts from this blog

Cryptography

Image
 Cryptography  Basic Terminology  Encryption: cipher plain text and make it into unreadable message. cf) cipher is done by using encryption algorithm and key (which is unique for every cipher)  Decryption: reverse of encryption. Symmetric cryptography  Same key is used for encryption and decryption. Encryption algorithms for Symmetric cryptography : DES, RC4, AES  Asymmetric cryptography  Different keys are used for encryption and decryption.  Utilizes computational difficulty of large numbers.  But how do we know who sent the message ?? Anyone can peek at public key and anyone can argue that the message was from him. This is where digital signature comes into play.  Algorithms used in asymmetric cryptography  RSA(Rivest-Shamir-Adleman)  One of first practical asymmetric cryptograph...
Read more

Various types of security attacks.

Image
 Various types of security attacks  Network attacks  DNS cache poisoning attack  It works by tricking a DNS server into accepting a fake DNS record that will point to a compromised DNS server. It then feeds you fake DNS addresses when you try to access legitimate websites.  Poisoned DNS cache Man in the middle attack  An attack that places the attacker in the middle of 2 hosts that think they're communicating directly with each other.  Session hijacking  Session is taken over by an attacker. A session starts when you log into a service. The attack relies on the attacker's knowledge of your session cookie, so it is also called cookie hijacking. Session hijacking is done by stealing user'...
Read more