Security Basics
Confidentiality (CIA)
Encryption - Scrambles the message so only someone holding the right key can read it
Access Controls
o Identification - who you claim to be
o Authentication - Password
o Authorization - Permissions
Steganography
o Hidden messages in plain sight.
o Hidden text in the file or a photo
Integrity (CIA)
Ensures data is not tampered with
Hashing - Creating a derivative code through an algorithm
o If the data changes, the hash computed from it changes too, so a stored hash reveals tampering
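Added example (not part of the original notes): a small Python integrity check that hashes a baseline set of files, then re-hashes them later and reports which ones no longer match. The file names and contents are constructed sample data; the point is that a single changed byte produces a completely different hash, and that the comparison is done in constant time.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Return the SHA-256 digest of data as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Recompute the hash and compare it to the stored value in constant time."""
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())


def build_manifest(files: dict) -> dict:
    """Map each file name to the hash of its contents (the 'known good' baseline)."""
    return {name: sha256_hex(content) for name, content in files.items()}


def find_changed(manifest: dict, files: dict) -> list:
    """Return the names whose current contents no longer match the baseline hash."""
    return sorted(
        name
        for name, content in files.items()
        if not verify_integrity(content, manifest.get(name, ""))
    )


# Constructed sample data (not from the notes): a tiny two-file "system",
# then the same system after one byte in config.ini has been altered.
BASELINE = {"config.ini": b"debug=false\n", "notes.txt": b"abc"}
TAMPERED = {"config.ini": b"debug=true\n", "notes.txt": b"abc"}

if __name__ == "__main__":
    manifest = build_manifest(BASELINE)
    print(sha256_hex(BASELINE["config.ini"]))
    print(sha256_hex(TAMPERED["config.ini"]))
    print(find_changed(manifest, TAMPERED))  # ['config.ini']
```

The manifest is only as trustworthy as where it is stored: if an attacker can rewrite both the file and its recorded hash, the check passes. Digital signatures (next item) close that gap by binding the hash to a key the attacker does not hold.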
Digital Signatures, Certificates, and Non-Repudiation
o By sending a unique digital signature, you make it clear who sent the message, which allows the receiver to trust it and the sender to be held accountable.
o Other forms of non-repudiation include tracking, by user account, who did what on a system.
o PKI - Public Key Infrastructure
Enables signatures and certificates to function by maintaining encryption keys and certificate management
Availability (CIA)
Redundancy and fault tolerance set up to ensure that data is retrievable when it's needed
SPOF - Single Point of Failure
o Any single component whose failure stops the whole system from functioning
Disk Redundancy
o RAID 1, 5, 6, 01, 10
Server Redundancy
o Extra clusters! If one server fails, service fails over to the redundant server
o Virtualization can help
Load Balancing
o Multiple servers supporting a service so no single one gets overloaded
Site Redundancies
o If a fire or flood takes out one location, another backs it up
Hot Site - Ready and available 24/7
Cold Site - Location where equipment, data, and personnel can be moved to when needed
Warm Site - Mix between hot and cold site
Backups
o Data stored in multiple places
Alternate Power
o UPS and generators
Cooling Systems
o HVAC
Patching
o Keep systems bug free and clear of security issues
Safety
Safety of People - Emergency escape plans, drills, and training
o Often, secure facilities will unlock (fail open) in an emergency to ensure human safety
Safety of Assets - Physical security measures like locks, lighting, fencing, CCTV, and more
Layered Security/Defense
No single approach is enough - mix and match!
Every step, layer, and phase needs its own security controls
CAC - Common Access Card
o Smart card including readable ID info for secure environments
PIV - Personal Identity Verification
o Smart card including readable ID info for secure environments
HOTP - HMAC-based One-Time Password
o An example of a rolling key-based password like the ones used in hardware tokens: each code is derived from a shared secret and a counter that moves forward with every code
o HOTP passwords are usable once only, but in theory remain valid forever until used
o Open-source and affordable systems
o TOTP - Time-Based HOTP: the counter is the current time step, so each code expires on its own
Authentication Services
Kerberos
o Functions on Unix and Windows Active Directory Domains
o Prevents MitM attacks through use of mutual authentication
o Uses time-limited tickets to prevent captured credentials from being reused
o Requirements
KDC - Key Distribution Center
TGT - Ticket Granting Ticket
Certificates are packaged within digital authentication "tickets" or tokens
Time-Stamping and Synchronization
Tickets are only valid for a certain amount of time, so systems must be within 5 minutes of each other.
Time-outs prevent replay attacks
Replay Attacks
o An attacker captures authentication data and resends it later so a third party can connect as the original user
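Added example (not from the original notes) covering the two items above, the 5-minute clock skew requirement and replay attacks: a small replay cache of the kind a Kerberos service keeps. Each authenticator is identified by its client and timestamp; it is rejected if the timestamp is outside the skew window or if the same pair was already seen. The client names and timestamps are constructed sample values.

```python
import time

MAX_SKEW_SECONDS = 300  # the 5-minute window the notes mention


class ReplayCache:
    """Remembers (client, timestamp) pairs for as long as they could still be replayed."""

    def __init__(self, max_skew: int = MAX_SKEW_SECONDS):
        self.max_skew = max_skew
        self.seen = {}  # (client, timestamp) -> timestamp

    def _expire(self, now: float) -> None:
        # Once a timestamp is older than the skew window it fails the skew check
        # anyway, so the cache only needs to hold entries inside that window.
        for key, ts in list(self.seen.items()):
            if now - ts > self.max_skew:
                del self.seen[key]

    def accept(self, client: str, timestamp: float, now: float = None):
        """Return (ok, reason). Rejects skewed clocks and repeated authenticators."""
        if now is None:
            now = time.time()
        self._expire(now)
        if abs(now - timestamp) > self.max_skew:
            return False, "clock skew exceeds limit"
        key = (client, int(timestamp))
        if key in self.seen:
            return False, "replay: authenticator already seen"
        self.seen[key] = timestamp
        return True, "accepted"


if __name__ == "__main__":
    cache = ReplayCache()
    # Constructed sample: a fresh authenticator, then the same one presented again.
    print(cache.accept("alice", 1000, now=1010))  # (True, 'accepted')
    print(cache.accept("alice", 1000, now=1020))  # (False, 'replay: ...')
    print(cache.accept("bob", 500, now=1020))     # (False, 'clock skew ...')
```

The two checks depend on each other: without the skew limit the cache would have to remember every authenticator forever, and without the cache a captured authenticator could be resent any time inside the 5-minute window. That is why synchronized clocks are listed as a Kerberos requirement rather than a convenience.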
o Uses Symmetric Key Cryptography
One key encrypts and decrypts
Asymmetric Encryption
o Utilizes two keys - a public encryption key (distributed through PKI) and a private decryption key.
LDAP and Secure LDAP - Lightweight Directory Access Protocol
o X.500-based; when secured, it uses TLS
o Specifies formats and methods to query a directory of objects (users, computers, and other directory objects)
o Microsoft Active Directory is based on LDAP
o Enables a single location to interact with all resources in a directory
o Secure LDAP
Utilizes a TLS (Transport Layer Security) session to encrypt data
Secure LDAP v2 used SSL encryption, but v3 uses TLS
SSO - Single Sign On
o Feature enabled in both Kerberos and LDAP, wherein a user signs into the network once and receives a token which can sign them into all necessary systems
o Federations
Enables two non-homogeneous networks to coordinate permissions for users
User holds credentials on both networks, but signs into the federation, which treats them as a single account
o SAML - Security Assertion Markup Language
XML based
Allows websites to establish federation-like trust privileges so that users can access resources on both
Principal - User
Identity Provider - Identity management utility - contains IDs and passwords