Datasheet

452
Introduction to Security Terminology
Hackers find out about vulnerabilities in the software and hardware devices
we use by purposely testing the limitations of the device or software. Once
they discover the vulnerability, they work on figuring out how they can
exploit it.
Exploit
An exploit takes advantage of a weakness, or vulnerability, in a piece of
software or a device. For example, years ago it was found that most Web
servers were vulnerable to attack because the Web server did not verify the
file being requested in a URL. Hackers exploited this by sending commands
in a URL that would navigate the folder structure of the Web server and
call for files other than normal Web pages. This is known as folder
traversing (more commonly called directory traversal), and it was a popular
exploit on Web servers.
What about CIA?
When working in the security field, you will most likely run into the terms
confidentiality, integrity, availability (CIA). These are the fundamental goals of
security, and ultimately, every security control that we put in place satisfies
one of the elements of CIA.
Confidentiality
Confidentiality is the concept of keeping information secret. In order to
implement confidentiality, you may look to securing data with permissions,
but you also have to look at encrypting the information that is stored on disk
or travels across the network.
Integrity
Integrity is the veracity of the data. Data integrity is about ensuring that when
you receive information, it is the information that was actually sent and not
something that was modified in transit. Hashing is one of the popular methods
of ensuring data integrity. With hashing, the data sender runs the data
through a mathematical algorithm (known as a hashing algorithm), and an
answer is created. When the recipient receives the information, she runs the
data on the same algorithm to see if she gets the same mathematical answer.
If the same answer is calculated, she knows that the data has not been
altered in transit.
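The sender/recipient hash check described above, as an added example that is not from the book. It also goes one step beyond the text: a plain hash only catches accidental corruption, because an attacker who can change the data in transit can recompute the hash too, so the keyed variant (HMAC with a secret shared by sender and recipient) is shown beside it. The message, the tampering and the key are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

# Constructed sample message (not from the page).
MESSAGE = b"Transfer 100 to account 1234"


def hash_digest(data: bytes) -> str:
    """Sender side of the scheme in the text: run the data through a hashing algorithm."""
    return hashlib.sha256(data).hexdigest()


def verify_hash(data: bytes, expected: str) -> bool:
    """Recipient side: recompute the digest and compare it with the one that was sent."""
    return hmac.compare_digest(hash_digest(data), expected)


def mac_tag(key: bytes, data: bytes) -> str:
    """Keyed variant: HMAC-SHA256 over the data with a secret shared by both parties."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, data: bytes, expected: str) -> bool:
    """Recipient recomputes the tag with the shared key and compares in constant time."""
    return hmac.compare_digest(mac_tag(key, data), expected)


def demo() -> dict:
    key = secrets.token_bytes(32)  # assumed to be shared out of band beforehand
    tampered = MESSAGE.replace(b"1234", b"9999")  # constructed in-transit modification
    sent_hash = hash_digest(MESSAGE)
    sent_mac = mac_tag(key, MESSAGE)
    return {
        # Accidental corruption: the plain hash no longer matches, so it is caught.
        "hash_detects_change": not verify_hash(tampered, sent_hash),
        # Attacker who can also replace the unkeyed hash: the recipient cannot tell.
        "hash_fooled_when_replaced": verify_hash(tampered, hash_digest(tampered)),
        # With HMAC the attacker lacks the key, so the tag no longer verifies.
        "mac_detects_change": not verify_mac(key, tampered, sent_mac),
        # A tag recomputed under the wrong key is rejected as well.
        "mac_rejects_forged": not verify_mac(key, tampered, mac_tag(b"wrong-key", tampered)),
        # Genuine data with the genuine tag still verifies.
        "mac_accepts_genuine": verify_mac(key, MESSAGE, sent_mac),
    }
```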
Availability
Availability is the concept that the data stored on the network is always
accessible to the people who want the data — the people who are authorized
to access it, that is. As security professionals, we need to ensure the availability