--> There are three main goals of Security we need to take care
i) Confidentiality
ii) Availability
iii) Integrity
i) Confidentiality
--> The main purpose of confidentiality is to prevent disclosure of data.
--> Preventing Unauthorized users getting access to the information.
--> Confidentiality attacks such as Capturing network traffic, Stealing passwords, Social Engineering, Port Scanning, Shoulder Surfing and Sniffing so on.
--> To protect from confidentiality attacks we need to encrypt the data
ii) Availability
--> The main purpose of Availability is to make sure information is needed whenever it is required.
--> There are so many threats to Availability, such as DDOS attacks, Power Outages, Device Failures, Software Errors, Environmental Issues ( Heat, Flooding).
--> To protect from Availability attacks we need to implement redundancy, BCP, using firewalls and routers to prevent DDOS Attacks.
iii) Integrity
--> The main purpose of Integrity is to make sure information is not modified whenever it is moving or in standby.
--> There are so many threats to Integrity, Such as Viruses, Backdoors, Unauthorized access to data and errors in coding and application.
--> To protect from Integrity attacks we need to implement Hashing of Data, Strict Access Controls, Intrusion Detection Systems.
i) Confidentiality
ii) Availability
iii) Integrity
i) Confidentiality
--> The main purpose of confidentiality is to prevent disclosure of data.
--> Preventing Unauthorized users getting access to the information.
--> Confidentiality attacks such as Capturing network traffic, Stealing passwords, Social Engineering, Port Scanning, Shoulder Surfing and Sniffing so on.
--> To protect from confidentiality attacks we need to encrypt the data
ii) Availability
--> The main purpose of Availability is to make sure information is needed whenever it is required.
--> There are so many threats to Availability, such as DDOS attacks, Power Outages, Device Failures, Software Errors, Environmental Issues ( Heat, Flooding).
--> To protect from Availability attacks we need to implement redundancy, BCP, using firewalls and routers to prevent DDOS Attacks.
iii) Integrity
--> The main purpose of Integrity is to make sure information is not modified whenever it is moving or in standby.
--> There are so many threats to Integrity, Such as Viruses, Backdoors, Unauthorized access to data and errors in coding and application.
--> To protect from Integrity attacks we need to implement Hashing of Data, Strict Access Controls, Intrusion Detection Systems.
0 comments:
Post a Comment