11.1. Security Fundamentals
Because almost all (if not all) corporate networks require network security, consider the three primary goals of network security:
Confidentiality
Integrity
Availability
Data confidentiality implies keeping data private.
This privacy could entail physically or logically restricting access to sensitive data or encrypting traffic traversing a network.
A network that provides confidentiality would do the following, as a few examples:
Use network-security mechanisms (for example, firewalls and access control lists [ACLs]) to prevent unauthorized access to network resources.
Require appropriate credentials (such as usernames and passwords) to access specific network resources.
Encrypt traffic so that any traffic an attacker captures off the network cannot be deciphered by the attacker.
Data integrity ensures that data has not been modified in transit. Also, a data integrity solution might perform origin authentication to verify that traffic is originating from the source that should send the traffic.
Examples of integrity violations include the following:
Modifying the appearance of a corporate website
Intercepting and altering an e-commerce transaction
Modifying financial records that are stored electronically
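An added example (not part of the original page): one common way to get both integrity and origin authentication is a keyed hash (HMAC) over each message, assuming the sender and receiver share a secret key. The keys, the order fields and the function names below are constructed for illustration.

```python
import hashlib
import hmac
import json

TAG_LEN = hashlib.sha256().digest_size  # HMAC-SHA256 tag is 32 bytes

# Constructed sample values (assumptions, not from the page).
SHOP_KEY = b"constructed-demo-key-shop-and-bank"
OTHER_KEY = b"constructed-demo-key-someone-else"
ORDER = {"order_id": 1001, "payee": "acme-store", "amount_cents": 4999}


def protect(key: bytes, transaction: dict) -> bytes:
    """Sender: serialize the transaction and append an HMAC-SHA256 tag."""
    body = json.dumps(transaction, sort_keys=True, separators=(",", ":")).encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()


def verify(key: bytes, message: bytes):
    """Receiver: return the transaction if the tag is valid, otherwise None."""
    if len(message) <= TAG_LEN:
        return None  # too short to carry a body and a tag
    body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(body)


def altered_in_transit(message: bytes) -> bytes:
    """Simulate modification in transit: the amount changes, the tag does not."""
    body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    return body.replace(b"4999", b"1") + tag


if __name__ == "__main__":
    sent = protect(SHOP_KEY, ORDER)
    print("untouched message:  ", verify(SHOP_KEY, sent))
    print("modified in transit:", verify(SHOP_KEY, altered_in_transit(sent)))
    print("wrong origin (key): ", verify(SHOP_KEY, protect(OTHER_KEY, ORDER)))
```

The receiver accepts only the untouched message; the altered copy and the message tagged with a different key both fail verification, which is the integrity check and the origin check respectively.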
The availability of data is a measure of the data’s accessibility.
For example, if a server was down only 5 minutes per year, the server would have an availability of 99.999 percent.
A couple of examples of how an attacker could attempt to compromise the availability of a network are as follows:
Send improperly formatted data to a networked device, resulting in an unhandled exception error.
Flood a network system with an excessive amount of traffic or requests, which would consume a system’s processing resources and prevent the system from responding to many legitimate requests. This type of attack is referred to as a denial-of-service (DoS) attack.