Chapter 6: Introduction to Cybersecurity

Confidentiality, Integrity and Availability

The three are famously referred to as the CIA triad. We can describe it as a
model whose purpose is to guide information security policies within any
given organization. To prevent confusing the triad with the American
Central Intelligence Agency, we sometimes refer to it as the AIC triad. The
three elements are the most critical components of security. In our case,
we can say that availability is defined as a guarantee of access that is
reliable to information by people with authorization, confidentiality is said
to be a set of protocols that are used to limiting access to information and
integrity is the undertaking given to show that the information at hand is
both accurate and trustworthy.

Confidentiality:

This is a rough equivalent of privacy. While ensuring that the right people
can have access to crucial information, it is also prudent that vigorous
measures are undertaken to make sure that there is confidentiality. There
should be restricted access to the data in question by those who are
authorized to view it. Out there, it is not uncommon to categorized data
based on the type and amount of damage that can result from it falling into
unauthorized persons. Stringent measures can more or less be
implemented depending on these categories. Guarding the confidentiality
of data sometimes requires specialized training for authorized to view/use
persons. It would generally involve security risks that could harm that
information. It can, without a doubt, help people with the proper
authorization to get to know the various risk factors and equip them with
countermeasures. Additional aspects of the training may comprise best
practices in password-related issues alongside social engineering
mechanisms.
This will help them avoid breaching rules governing data-handling with
potentially disastrous results in as much as they may have intentions we
can describe as being noble. For example, using a routing number or an
account number is an effective measure that can be used to ensure
confidentiality. We can also employ the use of data encryption to make
sure that there is confidentiality. Passwords and user IDs are part of a
standard procedure that is becoming a common phenomenon, two-factor
authentication. There are different options. They include security tokens
(soft tokens or key fobs) and biometric verification.
Furthermore, it is incumbent upon the users to take precautions in
ensuring that locations where their information appears and the number of
times required to send it to complete a transaction is at a minimal. In cases
where we have critical data, extra measures may be necessary. Such
actions can involve storing the information on disconnected storage
devices on air-gapped computers or it can even be stored in the form of
hard copies only.

Integrity:

This component of the triad comprises ensuring the trustworthiness,
consistency, and accuracy of data throughout its complete life cycle. It is
of immense importance that data that is in transit is not altered. Solid
steps need to be taken to make sure that no modification on the data by
unauthorized people happens. For instance, in cases where we have a
confidentiality breach. Here, the countermeasures can involve user access
controls and file permissions. To prevent accidental deletion or erroneous
changes by authorized users, we can employ the use of version control. In
place, there also need to exist mechanisms to help in the detection of data
changes, which may result from non-human events, including a server
crash or an electromagnetic pulse. We can include checksums and
cryptographic checksums to help with the integrity verification of data.
Lastly, it may be necessary to have some form of redundancies and
backups that will help in the restoration back to its former state.

Availability:

The rigorous maintenance of all the hardware ensures that there will
always be availability fo the services rendered by this hardware. Failing
equipment should be promptly and adequately repaired to keep in order a
properly functioning operating system environment that is devoid of any
software conflicts. One aspect of maintenance that should also be carried
out is updating all the necessary system components. It will also be to
provide ample bandwidth for communications and to ensure a minimal
occurrence of bottlenecks. Mitigation of hardware failures and their
repercussions can be done using high-availability clusters, redundancy,
RAID and even failovers.
For the worst-case scenarios that occur, disaster recovery that is both
adaptive and fast is essential. For this to be possible, the disaster recovery
plan laid down has to be comprehensive. Prevention of data loss or
connection interruptions needs to also account for unpredictable events.
Examples include fire and natural disasters. Copies of back up data can be
securely stored at a location that is geographically-isolated to prevent loss
of data resulting from such occurrences. Such sites also need to be water
and fire-resistant. To guard against issues such as downtime and
inaccessibility of data due to denial-of-service attacks and network
intrusions, we can employ the use of extra security equipment, for
instance, proxy servers, firewalls and software.

Issues arising from the CIA:

The CIA paradigm faces immense challenges where big data is involved.
This is primarily because of the sheer volume needing to be kept safe, the
variety of formats of the data, and, finally, the multiplicity of the
originating sources. Disaster recovery plans and duplicate sets of data all
make the already high cost even higher. Additionally, oversight is often
lacking since the main objective of big data is for analytics purposes, i.e.,
gathering data and using it to make some kind of useful interpretation. We
all know this fellow, Edward Snowden, who brought this issue to light.
Security agencies carry out the collection of enormous volumes of
peoples’ private data throughout the world. To safeguard individual
information from exposure in the IoT environment, we have special
considerations known as the Internet of Things privacy. This means that
almost any logical or physical entity can be assigned a unique identifier to
enable autonomous communications over a network, including the
Internet.
The transmitted data from a particular endpoint may not, on its own,
necessarily result in any privacy issues. The catch is, however, when the
fragmented data from multiple endpoints is accessed, gathered and
analyzed, sensitive information can be obtained. Securing the Internet of
Things is itself a formidable challenge since it comprises numerous
Internet-enabled devices besides computers. Such devices are, in most
cases, often set up with default passwords that are weak or in some cases,
the devices are unpatched. Unless IoT is protected adequately, there is a
likelihood that it may be used as a separate vector of attack or be made a
part of a thingbot. Recently, it has been demonstrated by researchers that it
is possible to compromise a network just by using a Wi-Fi-enabled light
bulb. It is essential for us that we consider the security of the numerous
network-capable products that are under development.

Encryption

We define encryption as a mechanism through which plaintext or other
data type are changed from their currently readable form to an encoded
way. It is only an entity having access to a decryption key that can decode
the data. This is an important measure that usually is used to provide endto-end data security across networks. Encryption, as a proactive security
measure, is commonly used all over the internet for purposes of protecting
crucial information belonging to users, which is being exchanged between
servers and browsers. That can include private information such as
payment information, passwords and other personal information.
Individuals, together with organizations, may also opt to use encryption to
ensure the safety of sensitive data that is stored on mobile devices, servers
and computers.

How encryption works

Plaintext data, also known as unencrypted data, is encrypted through the
use of an encryption algorithm plus an encryption key. The result of this is
a ciphertext that can be seen only in its original form if decrypted with the
correct key. On the other hand, decryption is the reverse of encryption. The
steps used in encryption are followed in a reverse fashion. In the modern
age, we have two commonly used encryption algorithms. They are
symmetric and asymmetric encryptions.
When it comes to the symmetric encryption mechanism, a single key is
utilized for encryption. The Advanced Encryption Standard (AES) is one
of the most used symmetric-key ciphers. It was designed primarily to
protect classified information for governments. This mechanism is faster
in comparison to asymmetric encryption. The sender must, however, share
the encryption key with the recipient. The keys need to be managed in a
secure fashion. This uses an asymmetric algorithm in most cases.
On the other hand, we have asymmetric cryptography. We can also refer to
it as public-key cryptography. Here, two different keys are used. They are,
however, mathematically linked. The keys are as follows; one key is
public and the other one private. The public key many times can be shared
with anyone. The private key has to be kept secret. In asymmetric
cryptography, the commonly used encryption algorithm is the RSA. The
reason is to some extent that the two keys can encrypt a message, which is
to imply the key that is opposite to the one used for the encryption is used
to decrypt it. This feature offers a way of ensuring that we not only have
confidentiality but also authenticity, non-reputability and integrity of
electronic communications and data.

Benefits of Encryption

Confidentiality of digital data, which is stored on computer systems or
that which is sent through the internet or any other computer network, is
protected by using encryption. Organizations such as Payment Card
Industry Data Security Standard (PCI DSS) require that sensitive data be
encrypted to keep unauthorized entities from accessing the data. We also
have some standards requiring or recommending data encryption.
Nowadays, modern encryption algorithms serve an integral role in making
sure that the security of communications and IT systems possess not only
confidentiality but also the under listed key elements of security:
Authentication: the origin of a given message should be able to
be verified.
Integrity: This has got to do with keeping the message intact.
That is, the contents of messages have not been altered or
deleted from the time it was sent.
Nonrepudiation: Here, non-repudiation means that a particular
sender cannot dispute that they send the message.

Backup and Redundancy

Usually, we use backup where copies of data are created in anticipation of
a catastrophic loss. On the other hand, redundancy is a lot more than just
data storage. Redundancy aims to provide a continuity of service
regardless of what will happen. Data redundancy ensures that the storage
of data is done at multiple and heterogeneous locations. We also have what
we call network redundancy whereby a given network is configured in
such a way that it has numerous alternative systems. The alternative
systems serve to ensure continuity of service regardless of what happens.

Data Redundancy

For any organization, it is essential first that regular services are restored
as soon as possible after there has been a security breach. Data should be
able to be reconstructed as quickly as possible. To this end, businesses
have come up with various ways to make sure there is data redundancy. It
is common knowledge that these methods come with their own merits in
terms of cost-effectiveness, speed and management. The most common
way is using off-site tape backups. In this method, magnetic tapes are
used to store a complete bit-for-bit copy of a storage volume. The tapes
can be transferred to an off-site storage facility where they can be easily
retrieved whenever there is a catastrophic failure. Besides, we can use
Cloud Backup to safeguard data against losses.

Network Redundancy

Most of the infrastructure we use for our networks are unbelievably
fragile. For instance, when a router burns out due to one reason or another,
the result is that there will be a prolonged period of network downtime. To
mitigate against this, businesses make sure that networks they use have an
adequate redundancy so that they can survive and provide services in cases
of an emergency. Fundamentally, network redundancy means that no
matter what type of failure occurs, a network will still be up and running.
To be able to do this, we can have multiple network devices such as hubs,
routers and switches configured to stand in for one of them that fails. We
also have ISP redundancy, where a gateway in the network is joined to
more than one separate ISP. Just like with the devices, one ISP will take
over whenever there is a failure. In cases where a network is functioning
correctly, we can use the ISPs to share the traffic resulting in reduced
congestion of the network. This here is called load sharing.

Preventing a SPOFF

SPOFF is full for a single point of failure. We do not desire that one
critical part of a system failure can render the entire system unusable. Any
planning needs to mitigate this phenomenon. A single point of failure can
be reduced or eliminated by way of redundancy. This will make sure that
there is not a single component that can prevent the proper working of a
system