CIAA principles of security
We have already outlined these principles in Sicurezza delle reti and talked about the concepts of authentication and integrity. Here we try to deepen these concepts and delve a little bit more on the attack vectors These are acronyms, usually called CIA and AAA for infrastructure
Confidentiality
This is one concerns about the secrecy of the sent message. We do not want others to be able to access and read what we are doing.
Eavesdropping 🟩
This is an example of attack of confidentiality. The setting is usually like this: Eve that intercepts the message sent by each other. For example in network security, it is quite easy to eavesdrop with Wireshark or similars.
Integrity
Integrity concerns with message tampering. The received message should be the same as the sent one (man in the middle are common attacks).
Authentication
Authentication is important when we need to know to whom we are talking to. We should need to be sure that that is exactly the person (or the machine) we are trying to connect (or talk to). In this framework it is about integrity. For more in depth analysis see User authentication.
Spoofing attacks🟩
When an attacker authenticates as another user.
Manipulation attacks🟩
This is tampering.
Availability
The system should be available, that is accessible by its users.
Denial of service attacks🟩
For example if you have limited number of ports, a common example of denial of service attack is the Syn flooding where multiple services ask to open a TCP connection, but it doesn’t continue with the communication, leaving the port occupied but useless.
Anonymity
On the internet we are not anonymous we are always tracked by ISP, cookies and many other strategies that I am not even aware of. This is a problem we we want to be anonymous, so how can we reach this target??
Anonymity by proxy🟩
We just use another computer to repeat my information, this computer doesn’t have access to the underlying information, but it substitutes his IP to ours, so the end receiver doesn’t exactly know where the initial message comes from.
AAA principles of security
See Sicurezza OS
Authentication
Answers: who are you?
Authorization
Answers: what can you do?
Accounting
Answers: what have you done?