In the first part of the Essentials of Information Security Training series, we will look at the basic concepts in this area.
Earlier, in part one of this series on the principles of information protection, we read that knowledge of IT security is a necessity for everyone involved.
Confidentiality, integrity (accuracy) and availability (accessibility) of information are the basic concepts that we will discuss in this series of articles on information security training. In these articles, we look at ways to ensure that these conditions are met. But first we need a clear understanding of what these words mean, so that we know exactly what we are trying to accomplish.
Welcome to Jafar Bank
Meet the characters who will be with us throughout these articles.
This is Jafar. Jafar has recently launched a bank called Jafar Bank.
This is Morteza. Morteza is one of the people who has an account at Jafar Bank. He uses Jafar's online banking system to make transactions and receive financial reports. He is a regular, law-abiding user and will never do anything to harm the system.
Unlike Morteza, Javad is always looking to damage the system. He intends to harm Jafar in any way possible. Your job is to find ways to stop Javad.
Confidentiality means preventing unauthorized reading. For example, Morteza’s account balance at Jafar Bank is confidential. If Javad can read this information, the confidentiality of the information is compromised. To protect the confidentiality of your information, you must ensure that any information is readable only by authorized persons.
Information integrity – Integrity
You should always make sure that the information in your system is correct. It should not be possible to write information without permission, or at least any write made without permission should be detectable, so that you can identify which information in the system is incorrect. Integrity of information, then, means preventing unauthorized writing or at least detecting unauthorized writing.
Note that the integrity of information and the confidentiality of information should not be confused with each other. Javad may be unable to read Morteza's account balance, in which case confidentiality is preserved, but integrity is still compromised if he can replace the stored balance with a new amount.
Accessibility – Availability
DoS (denial-of-service) attacks are relatively new attacks. These attacks make it impossible to access the system, without disclosing confidential information or altering existing information. Javad, who can neither read the confidential information in the system nor compromise its integrity, sets out to disrupt access to Jafar's online banking system. In that case, Morteza loses his trust in Jafar Bank, takes his money and opens an account at another bank. You need to ensure that information and systems are always accessible while maintaining the confidentiality and integrity of the information.
Authentication – Authentication
Consider Morteza, who turns on his laptop and makes a transaction using Jafar's online banking system. First, how does Morteza's laptop know that the person using it is Morteza? On a single computer, this is usually done by giving users a password, and encryption methods are used to make the process safe. In the next article we will discuss cryptography. The process by which we verify the user's identity is called authentication. Morteza's laptop has a password that only Morteza knows, so when he enters the password correctly, it becomes clear that the person using the laptop really is Morteza.
But authentication over a network faces more threats. For example, Javad may be able to listen to messages being transmitted over the network. He may also be able to manipulate them. Suppose he can resend one of the previous messages sent by Morteza to Jafar Bank. In that case, he may be able to pass himself off as Morteza. This type of attack is called the man-in-the-middle attack, which we will address in the following articles. To prevent this, the exchange of messages must follow specific protocols precisely. This means that the composition of the messages exchanged is very important and must follow a certain pattern. Encryption methods are also widely used in authentication over a network.
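The resend attempt described above fails when each request is bound to a fresh, single-use challenge from the bank and protected by a keyed tag. The sketch below is an added example, not code from the original series; the class and function names, the pre-shared key and the message format are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class BankServer:
    """Jafar Bank side: accepts a request only if it is fresh and unmodified."""

    def __init__(self, customer_keys):
        self._keys = customer_keys   # customer -> shared secret (assumed enrolled earlier)
        self._pending = {}           # customer -> challenge issued but not yet used

    def issue_challenge(self, customer):
        nonce = secrets.token_bytes(16)      # unpredictable, fixed length
        self._pending[customer] = nonce
        return nonce

    def handle(self, customer, request, tag):
        nonce = self._pending.pop(customer, None)   # a challenge is valid once only
        key = self._keys.get(customer)
        if nonce is None or key is None:
            return "rejected: no fresh challenge"
        expected = hmac.new(key, nonce + request, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            return "rejected: bad tag"
        return "accepted"


def sign_request(key, nonce, request):
    """Morteza's side: tag covers the bank's challenge and the request body."""
    return hmac.new(key, nonce + request, hashlib.sha256).digest()


def demo():
    key = secrets.token_bytes(32)            # constructed sample key
    bank = BankServer({"morteza": key})
    request = b"transfer 100 to ali"         # constructed sample message
    tag = sign_request(key, bank.issue_challenge("morteza"), request)
    results = {"genuine": bank.handle("morteza", request, tag)}
    # Javad resends the captured (request, tag) pair: the challenge is used up.
    results["replay"] = bank.handle("morteza", request, tag)
    # Even against a newly issued challenge the old tag no longer matches.
    bank.issue_challenge("morteza")
    results["replay_new_challenge"] = bank.handle("morteza", request, tag)
    # A request altered in transit fails the tag check (integrity detection).
    tag2 = sign_request(key, bank.issue_challenge("morteza"), request)
    results["tampered"] = bank.handle("morteza", b"transfer 100 to javad", tag2)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The tag protects integrity and origin only; the request body is still readable on the wire, so confidentiality needs encryption in addition.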
Access Allocation – Authorization
Once Morteza has been properly authenticated by the Jafar Bank online system, and we are sure that the person claiming to be Morteza is indeed Morteza, what information should be made available to him? Even after he has been authenticated, Morteza should not be able to access Ali's account balance. But Jafar, as bank manager, can have access to both Morteza's and Ali's account balances. The mechanism that imposes restrictions on authenticated users is called authorization.
Now that you are familiar with the key definitions of information security, it is time to learn how each of these goals can be met. What mechanisms are there to achieve them? In the next few articles, we will explore one of the most important security mechanisms as we enter the world of cryptography.