
CLS Unit-1 (I)

The document outlines essential security services necessary for protecting data, including authentication, confidentiality, integrity, availability, non-repudiation, and access control. It also introduces the CIA triad, which is fundamental for developing security systems and policies, and discusses major categories of network attacks that threaten information security, such as interruption, interception, modification, and fabrication. Each attack type is explained with examples, highlighting their impact on different aspects of information security.

Uploaded by

aatulverma07

Unit 1

Topic: Information Security

Security Services

Companies need to be confident that they have strong data security and that they can protect
their data from cyber-attacks and other unauthorized access and data breaches. Weak data
security can lead to key information being lost or stolen, to a poor experience for
customers that results in lost business, and to reputational harm if a company does not
implement sufficient protections over customer data and its information security weaknesses
are exploited by hackers. The following security services need to be ensured:

1. Authentication: It is the process of verifying a user's identity. Before a user attempts to
access information stored on a network, he or she must prove their identity. This can be
checked by verifying personal information of the user, for example, an ID card, biometrics or
unique log-in information that includes a user name and password. If the credentials match
the details stored in the database, the user is considered authentic.

2. Confidentiality: The purpose of ‘Confidentiality’ is to ensure the protection of sensitive
data (like bank details of users, trade secrets of a company, etc.). The aim is to prevent
unauthorised disclosure and keep sensitive data from getting into the wrong hands. Only authorised
individuals should be able to access the required information. It can be implemented using
strong passwords, encryption, biometrics, multi-factor authentication etc. A failure to
maintain confidentiality means that someone who shouldn’t have access has managed to get
access to private information.

3. Integrity: It refers to the accuracy and completeness of data. It prevents data from
being modified or misused by an unauthorized party. Data must not be changed while
being transmitted, and precautionary steps must be taken to ensure that data cannot be altered by
unauthorized people. For example, in a data breach that compromises integrity, a hacker may
seize data and modify it before sending it to the receiver. It can be implemented using
encryption.

4. Availability: It refers to information being accessible to authorised people as and when
needed. If the network goes down unexpectedly, users will not be able to access essential
data on time. Availability is associated with system reliability, which can be impacted by
hardware failures, software downtime, or cyber-attacks like DoS.

5. Non-repudiation: It is the assurance that the sender cannot deny the validity of the sent
information. It provides proof of the origin of data and the integrity of the data.
Non-repudiation makes it very difficult to successfully deny where a message came from, as well
as the authenticity and integrity of that message. It can be implemented using digital
signatures.

6. Access Control: The network should be designed in such a way that not everyone can access
all the resources. This is done by deploying a password and a unique user ID, and authenticating to
the network. For example, in a database, only the database administrator is allowed to make changes;
common users can only read the information and not change it. This access is controlled
by imposing selective restrictions.
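
The credential check from item 1 and the database example from item 6, as an added Python example (not part of the original notes). The user names, passwords, roles and function names are hypothetical, and the stored record is assumed to hold a salted password hash rather than the password itself.

```python
import hashlib
import hmac
import os

# Constructed sample data: user names, passwords and roles are hypothetical.
PERMISSIONS = {"dba": {"read", "write"}, "user": {"read"}}
USERS = {}  # username -> (salt, password_hash, role)


def hash_password(password: str, salt: bytes) -> bytes:
    # Store a slow, salted hash instead of the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def register(username: str, password: str, role: str) -> None:
    salt = os.urandom(16)
    USERS[username] = (salt, hash_password(password, salt), role)


def authenticate(username: str, password: str) -> bool:
    """Authentication: do the supplied credentials match the stored record?"""
    record = USERS.get(username)
    if record is None:
        # Hash anyway so unknown users take about as long as known ones.
        hash_password(password, b"\x00" * 16)
        return False
    salt, stored, _role = record
    return hmac.compare_digest(stored, hash_password(password, salt))


def authorize(username: str, password: str, action: str) -> bool:
    """Access control: an authenticated user gets only their role's actions."""
    if not authenticate(username, password):
        return False
    role = USERS[username][2]
    return action in PERMISSIONS[role]


register("admin1", "S3cure-Admin-Pass", "dba")
register("reader1", "Reader-Pass-42", "user")
```

Here `authorize("reader1", "Reader-Pass-42", "write")` is refused even though the credentials are correct, which is the selective restriction described in item 6.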

CIA Triad:

The CIA triad forms the core foundation for the development of security systems and
policies for organizations. As such, the CIA triad plays a crucial role in keeping your data
safe and secure against growing cyber-threats. When a security incident such as data theft
or a security breach occurs, it is deemed that the organization has been unsuccessful in
appropriately implementing one or more of these principles. The CIA triad is vital to
information security since it enhances security posture, helps organizations stay compliant
with complex regulations and ensures business continuity.

Network Attacks

The following are the major categories of network attacks that affect information security:

1. Interruption

2. Interception

3. Modification

4. Fabrication

1. An interruption attack causes the resources of an information system to become unavailable on a
temporary or permanent basis. Interruption is an attack on availability. Ex.: Denial of service
(DoS) attack.

2. An interception occurs when an unauthorized individual gains access to confidential
information. Interception attacks are attacks against confidentiality and access control.
An example of such an attack is wiretapping telecommunications networks.

3. Modification refers to inserting, deleting or changing data while it is being transmitted, without
the knowledge of the sender or receiver. It is an attack against the integrity of the information. It
also affects non-repudiation. Ex.: Man-in-the-middle (MITM) attack.

4. In a fabrication attack, false information is created and sent to the receiver on behalf of the
sender without the knowledge of the sender or receiver. The information is manipulated to seem
as if it originated from a trusted source. It is an attack on authenticity. Since authenticity is
hampered, non-repudiation is also attacked. Ex.: Email spoofing.
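
One common way for a receiver to detect the modification and fabrication attacks described above is a message authentication code. This is an added Python example, not part of the original notes; the message text and function names are constructed, and the sender and receiver are assumed to share a secret key in advance.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def protect(key: bytes, message: bytes) -> bytes:
    """Sender side: append an HMAC-SHA256 tag to the message."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify(key: bytes, packet: bytes):
    """Receiver side: return the message if the tag is valid, else None."""
    if len(packet) < TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return message if hmac.compare_digest(tag, expected) else None


def demo():
    key = os.urandom(32)  # shared in advance between sender and receiver
    packet = protect(key, b"pay 100 to account 1234")  # constructed message

    # Modification: the message changes in transit, the original tag is kept.
    tampered = b"pay 900 to account 1234" + packet[-TAG_LEN:]

    # Fabrication: a new message is created by someone without the shared key.
    forged = protect(os.urandom(32), b"pay 500 to account 9999")

    return {
        "intact": verify(key, packet),
        "modified": verify(key, tampered),
        "fabricated": verify(key, forged),
    }
```

A shared-key tag proves integrity and origin only between the two key holders; because the receiver could compute the same tag, it does not give non-repudiation, which the notes assign to digital signatures.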
