Confidentiality: Confidentiality ensures that only authorized personnel are able to access the data. Breaches of confidentiality can occur when data is not handled in a secure manner. For example, consider a confidential document of an organization lying on a xerox machine. Such disclosure can take place by word of mouth, by printing, copying, e-mailing or creating documents and other data. The classification of the information should determine its confidentiality and hence the appropriate safeguards. Encryption is used for maintaining the confidentiality of information: the sender encrypts the information, and only the intended receiver is able to decrypt it.
Integrity: Integrity is an assurance that the information has not been tampered with and that it is authentic and complete, so that it can be relied upon to be sufficiently accurate for its purpose. For example, making copies (say by e-mailing a file) of a sensitive document threatens both the confidentiality and the integrity of the information. Checksums are used for providing integrity of the data. A checksum is the output of an algorithm applied to the data. If the data has been tampered with, the output will not be the same.
Availability: Availability is an assurance that the systems responsible for delivering, storing and processing information are accessible when needed, by those who need them. Backup mechanisms provide availability. RAID mechanisms can also be used for the same purpose.
There are 2 more basic factors of security:
Authorization: This ensures that whoever is accessing the data has appropriate permissions to do so. A user may be authenticated on a computer but still not be authorized to access some data. File- and folder-level permissions and access control lists facilitate authorization of access to the data.
Non-Repudiation: This ensures that a party or a person cannot deny having sent a message. Digital signatures can be used for maintaining non-repudiation.
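The checksum idea from the Integrity paragraph, as an added example that is not part of the original post: a baseline of SHA-256 checksums is recorded while the data is known to be good, and a later check reports what was modified, removed or added. The file names and contents are constructed sample data, and the function names are hypothetical.

```python
import hashlib
import hmac


def digest(data: bytes) -> str:
    """SHA-256 checksum of the data, as a hex string."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict[str, bytes]) -> dict[str, str]:
    """Record a baseline checksum for every file while it is known to be good."""
    return {name: digest(content) for name, content in files.items()}


def verify(files: dict[str, bytes], manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare current contents with the baseline and report every difference."""
    report = {"modified": [], "missing": [], "unexpected": []}
    for name, expected in manifest.items():
        if name not in files:
            report["missing"].append(name)
        elif not hmac.compare_digest(digest(files[name]), expected):
            report["modified"].append(name)
    # Anything present now that was never in the baseline is also a change.
    report["unexpected"] = sorted(set(files) - set(manifest))
    return report


# Constructed sample data standing in for files on disk.
BASELINE = {
    "payroll.csv": b"alice,5000\nbob,4200\n",
    "policy.txt": b"Visitors must sign in at reception.\n",
}


def demo() -> dict[str, list[str]]:
    manifest = build_manifest(BASELINE)
    current = dict(BASELINE)
    current["payroll.csv"] = b"alice,5000\nbob,9200\n"  # a single character changed
    del current["policy.txt"]                            # file removed
    current["notes.txt"] = b"new file\n"                 # file added
    return verify(current, manifest)


if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the baseline: if the manifest is stored where the data can be changed, whoever alters the data can recompute the checksum as well.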
Sunday, October 31, 2010
My first blog - About myself and my interests
Hey Guys,
This is my very first blog. I had registered on this website in 2007. It's the end of 2010 and Here I AM... starting with my blogs finally. I like to learn new things and do research on the same. Information gathering and web crawling are my hobbies.
I have been working in the Security domain for the past 3 and a half years. I have worked on products like SonicWALL Firewalls, Symantec Endpoint Protection, QualysGuard Vulnerability scanner, RSA Envision, IBM ISS. I have a profound interest in malware and network attacks. I am fond of packet captures and packet crafting. Security has been my passion in my entire career and I look forward to gaining as much knowledge as I can and applying it to the real world environment in order to make the Internet a more secure space.
This blog being dedicated to information security, I will be discussing various concepts and aspects of security. I would like to cover some of the basic concepts which act as fundamentals of the security world.