
CIA TRIAD



Confidentiality


Confidentiality ensures that sensitive information is available only to people who are authorized to access it.


Security controls for protecting data confidentiality:


  1. Encryption -> Encrypting data with the latest encryption mechanisms
  2. Access Control -> LDAP, managed permissions
  3. Steganography -> Hiding data within data, obscuring the data


Causes of unintentional data disclosure:


  1. Human Error
  2. Oversight
  3. Ineptitude


Attacks that violate confidentiality:


  1. Capturing network traffic
  2. Stealing password files
  3. Social Engineering
  4. Port Scanning
  5. Shoulder Surfing
  6. Eavesdropping - Also known as a sniffing or snooping attack; secretly listening
  7. Escalation of privileges


Countermeasures to ensure confidentiality:


  1. Encryption
  2. Network traffic padding
  3. Rigorous access controls 
  4. Strict Authentication process 
  5. Data classification
  6. Personnel Training 



Integrity


Integrity refers to the prevention of unauthorized alterations to data.


Integrity involves the following:


  1. Preventing any unauthorized personnel or entity from making modifications of any kind to the data.
  2. Preventing any personnel or entity from accidentally making modifications of any kind to the data.
  3. Setting up logging and tracking to record who or what is attempting to access or modify the data.



Integrity ensures that data objects and resources remain:


  1. Unaltered
  2. Preserved 
  3. Correct


Attacks that violate integrity:


  1. All sorts of malware
  2. Reverse shell codes
  3. Vulnerable code
  4. Human Error


Countermeasures:


  1. IPS/IDS
  2. Encryption
  3. Mandatory security awareness training




Availability 


Availability ensures that resources are available when authorized users need access to them.


Availability Concepts 


  1. Usability
  2. Accessibility
  3. Timeliness



Attacks and threats 


  1. DoS
  2. Natural disaster
  3. Human error


Countermeasures:


  1. Load balancers for DoS mitigation
  2. Backups 
  3. High fault tolerance





