Information Security Overview
This article covers the foundations of information security.
Information security refers to a set of processes and activities performed in order to protect information. The main objective of information security is to prevent unauthorized users from stealing and misusing information or services.
Elements of Information Security
When talking about information security, we need to take into consideration its five major elements:
We need to make sure that our secrets and sensitive data are secure.
Confidentiality ensures that the information is available ONLY to people who have the right authorization to access it.
We don’t want our data to be accessible or manipulated by unauthorized persons. Data integrity ensures that only authorized parties can modify data.
Integrity ensures the accuracy of the information. Hashing helps maintain the integrity of information.
Availability applies to systems as well as data and ensures that the resources are available whenever an authorized user needs them.
If authorized persons cannot get the data due to a general network failure or a denial-of-service (DoS) attack, then that is a problem from the business point of view.
Authenticity ensures that users are actually who they present themselves to be, or that a document or information presented is not corrupted.
Authentication is the process that identifies a user or a device in order to grant privileges and access.
In simple terms, non-repudiation means that the sender of a message cannot later deny having sent the message. Likewise, the recipient cannot deny having received it.
Non-repudiation is one of the Information Assurance (IA) pillars; it guarantees the information exchange between a sender and a receiver via techniques such as digital signatures and encryption.
- Confidentiality → Authorized to have access
- Integrity → Trustworthiness of Data or resources
- Availability → Available when required
- Authenticity → Quality of being genuine
- Non-repudiation → Guarantee or Assurance
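The difference between integrity, authenticity and non-repudiation can be seen in a short check. This is an added example, not part of the original article; the messages and keys are constructed sample values, and it uses only Python's standard hashlib and hmac modules.

```python
import hashlib
import hmac


def sha256_digest(data: bytes) -> str:
    """Plain hash: detects changes only if the digest itself is trustworthy."""
    return hashlib.sha256(data).hexdigest()


def verify_digest(data: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(sha256_digest(data), expected_hex)


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed hash: only holders of the shared key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, data: bytes, tag_hex: str) -> bool:
    return hmac.compare_digest(hmac_tag(key, data), tag_hex)


def demo() -> dict:
    # Constructed sample data, for illustration only.
    original = b"transfer 100 EUR to account 12345"
    altered = b"transfer 900 EUR to account 99999"
    shared_key = b"constructed-shared-secret"
    wrong_key = b"not-the-shared-secret"

    published_digest = sha256_digest(original)
    tag = hmac_tag(shared_key, original)

    return {
        # Integrity: a changed message no longer matches the known digest.
        "hash_accepts_original": verify_digest(original, published_digest),
        "hash_detects_change": not verify_digest(altered, published_digest),
        # A bare hash gives no authenticity: if the digest travels with the
        # data, replacing both passes the check.
        "hash_passes_if_digest_replaced":
            verify_digest(altered, sha256_digest(altered)),
        # Authenticity: a tag made without the shared key is rejected.
        "hmac_accepts_original": verify_tag(shared_key, original, tag),
        "hmac_rejects_wrong_key":
            not verify_tag(shared_key, altered, hmac_tag(wrong_key, altered)),
        # No non-repudiation: the receiver holds the same key and could have
        # produced this tag, which is why digital signatures are used instead.
        "receiver_can_produce_valid_tag":
            verify_tag(shared_key, altered, hmac_tag(shared_key, altered)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
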
Information Security Terminologies
To understand the process of hacking, it is important to understand the common terminologies:
Hack value is hackers’ way of deciding whether something is worth doing or not.
It reflects their interest and motivation to prove that something normally considered difficult or even impossible is actually doable, and that they are the ones who did it.
So, if something is considered to be of high value to a hacker, they will put all of their effort and energy into the hack.
Vulnerability is a weakness in a target application or network. Any vulnerability can be an entry point for hackers to enter the target.
Exploit is a piece of code which takes advantage of the identified vulnerability to deliver malicious code.
Payload is malicious code that is capable of causing harm. Hackers deliver payloads and execute them through various exploits.
Zero-day refers to a vulnerability in software or hardware that is unknown to the vendor.
If a hacker discovers and exploits such a vulnerability, then that is considered to be a zero-day attack. Even if the vendor is aware of the vulnerability, a zero-day attack can happen at any time until the vendor releases a patch.
So, exploiting previously unknown vulnerabilities for which a patch has not been released is called a zero-day attack.
Daisy chaining is an attack in which hackers gain access to one computer or network. They then use that computer to access the next computer or network and so on.
Doxing is revealing and publishing personal information about someone. It involves gathering private and valuable information about a person or organization and then misusing that information for different reasons.
Bots are malicious programs that hackers use to control infected machines.
Hackers use bots to perform malicious activities from the machines on which bots run. Once hackers infect a machine, they can use that bot to control and perform attacks on other computers.
In addition, hackers usually use bots to infect multiple machines, creating a botnet which they can then use for distributed denial-of-service attacks.
Security, Usability and Functionality Triangle
Every system contains three important components: functionality, usability, and security.
- Functionality refers to the features of the system
- Usability refers to the GUI of the system and how user-friendly it is
- Security refers to how the processes of the system are used and who is using them
These components are interconnected, so any change made to one component directly affects the other two.
This means that if the system security is increased, then the functionality and usability of the system are decreased.
The same thing happens if the functionality or usability of the system is increased.
Therefore, it is important to carefully consider these components and then decide how to balance each and every one of them to get the desired levels of security, functionality, and usability.
By now you should have learned the basics of information security. We also covered some common terminologies used within the InfoSec community.