
We know CIA and threats, but how are they related and what are the remedies?

  • Paramee Samarathunga
  • Nov 18, 2018
  • 2 min read

This is a problem one of my friends asked about, and it made me question myself. Hope this is useful for others too :) But I am really sorry for the image quality here!


CIA is a set of principles for ensuring the security of information. Its elements are confidentiality (C), integrity (I) and availability (A); a security plan is designed around the presence of one, two or all three of them in a system. Confidentiality is making sure that the information is received by the respective parties without being exposed and without interruption by an intermediary. Integrity is making sure that the information is sent by the trusted party themselves. Availability is, simply, the reliability of the respective parties while communication is taking place.


The main threats to these three elements are:

· Interference

· Interception

· Modification

· Fabrication

Interference, in other words “Interruption”, is the presence of an unauthorized party in the flow of communication that does not forward the packet to the endpoint/recipient.



Interception is simply sniffing. An unauthorized third party is present in the data flow but does not interfere with or disturb the normal flow.




Modification involves editing and defacing the information, yet still forwarding the defaced/edited message to the original recipient.




Fabrication is when an unauthorized party takes part in the communication but acts like a contact who is known to the recipient.




Here are some scenarios to help you understand how the above-mentioned threats can compromise the three elements of CIA.

Interruption can be mitigated by implementing a central authentication system, most commonly the networking protocol RADIUS. Other than that, there are LDAP, TACACS and LOCAL. Locking physical ports using MAC or RADIUS authentication is another way. Other remedies include firewalls and IPS to prevent DoS and DDoS attacks, load balancers in front of application servers, etc.

Scenario for RADIUS authentication: MAC filtering, dynamic VLAN assignment and dynamic IP ACLs are based on RADIUS authentication.

Interception can be avoided using SSL and VPN tunnels, where communication is secure while in transit. Firewalls and IDPS can also be implemented to monitor the network and keep sniffers away from it.

Modification remedies include hash functions, encryption, and access and privilege control over data. One benefit of using a hash function is that the time consumed to encrypt and generate a cipher text is minimized, as only a string of text is converted to a cipher text using a mathematical calculation. MACs (Message Authentication Codes) can also be counted as a remedy for modification of information.

Fabrication is prevented using proof of the originator. Not long ago we were introduced to digital signatures. Notice the value of digital signatures: without a doubt, we now know the exact person who generated the message that we read. MACs and hashing to identify the origin are also used to reduce the threats associated with fabrication.
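The following added example (not part of the original post) makes the hashing and MAC remedies for modification and fabrication concrete: it shows which checks a recipient can rely on when a message is altered in transit, using Python's standard `hashlib` and `hmac` modules. The key, the messages and the function names are constructed for this illustration.

```python
import hashlib
import hmac

# Constructed sample values for this illustration (not from the original post).
SHARED_KEY = b"constructed-demo-key-shared-by-sender-and-recipient"
ORIGINAL = b"transfer 100 to account 12345"
ALTERED = b"transfer 900 to account 99999"


def plain_digest(message: bytes) -> str:
    """Unkeyed SHA-256 digest: anyone can compute it for any message."""
    return hashlib.sha256(message).hexdigest()


def make_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 tag: can only be computed by a holder of the shared key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_digest(message: bytes, digest: str) -> bool:
    return hmac.compare_digest(plain_digest(message), digest)


def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest compares in constant time, so timing does not leak the tag.
    return hmac.compare_digest(make_tag(key, message), tag)


def simulate() -> dict:
    """Return what the recipient's checks conclude in each scenario."""
    sent_digest = plain_digest(ORIGINAL)
    sent_tag = make_tag(SHARED_KEY, ORIGINAL)
    # A tag computed without the real key, as an intermediary would have to do.
    wrong_key_tag = make_tag(b"constructed-wrong-key", ALTERED)
    return {
        # Unmodified message with its genuine tag is accepted.
        "genuine_accepted": verify_tag(SHARED_KEY, ORIGINAL, sent_tag),
        # Modification: message changed, accompanying value left as sent.
        "hash_flags_altered_message": not verify_digest(ALTERED, sent_digest),
        "mac_flags_altered_message": not verify_tag(SHARED_KEY, ALTERED, sent_tag),
        # Message AND accompanying value both replaced in transit.
        "hash_flags_replaced_pair": not verify_digest(ALTERED, plain_digest(ALTERED)),
        "mac_flags_replaced_pair": not verify_tag(SHARED_KEY, ALTERED, wrong_key_tag),
    }


if __name__ == "__main__":
    for check, outcome in simulate().items():
        print(f"{check}: {outcome}")
```

A bare hash only helps when the digest reaches the recipient over a channel the intermediary cannot touch, while a MAC ties the check to the shared key. Because both parties hold that key, a MAC shows the message came from a key holder; proof of one exact originator is what digital signatures add.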

In context, I find the remedies I described are used as follows. Note that there are plenty of other mechanisms that are in use and trending at present, so you are more than welcome to share your thoughts…

Some remedies address not just one threat, but several.

 
 
 


©2018 by paramee's whispers. Proudly created with Wix.com
