5.1 Explain the basic principles of security concepts and technologies
- Encryption technologies
Encryption is the process of translating data into code, making it unreadable to anyone who is not an intended recipient. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text, while encrypted data is referred to as cipher text. There are two main types of encryption: asymmetric encryption (also called public-key encryption) and symmetric encryption.
- Data wiping / hard drive destruction / hard drive recycling
While erasing files simply marks file space as available for reuse, data wiping overwrites all data space on a storage device, replacing useful data with garbage data. Depending upon the method used, the overwrite data could be all zeros (also known as "zero-fill") or could be various random patterns.
- Software firewall
A software firewall, or host-based firewall, is a program that protects a computer by monitoring and restricting communications. While it is capable of monitoring both incoming and outgoing traffic, it's primary focus is on incoming traffic. A software firewall does not require any additional hardware or wiring, and is a good option for individual computers. It has an advantage over hardware-based firewalls in it's ability to monitor outbound application activity.
- Port security
Port security is a layer two traffic control feature that enables an administrator to configure individual switch ports to allow only a specified number of source MAC addresses ingressing the port. Its primary use is to deter the addition by users of "dumb" switches to illegally extend the reach of the network (e.g. so that two or three users can share a single access port). The addition of unmanaged devices complicates troubleshooting by administrators and is best avoided.
By default, a firewall blocks all network traffic coming in to the network it is protecting. To permit traffic through the firewall, exceptions (or rules) are created that allow certain traffic on the network. The rules are defined by the domain names or IP addresses of the sender and receiver of the traffic as well as the type of traffic (e.g. web or SSH).
- Authentication technologies
Authentication can be implemented through the utilization of software, hardware, or a combination of both. Authentication proves that a user or system is actually who they say they are and is usually based on one or more of three different factors:
- Something you know, such as your username, password, or pin.
A strong password will consist of at least eight characters, including both upper and lower case letters, numbers, and punctuation symbols.
- Something you have, such as a smartcard or identification device.
A smart card is a type of badge or card that gives you access to resources including buildings, parking lots, and computers. It contains information about your identity and access privileges. Each area or computer has a card scanner or a reader in which you insert your card. This increases the security of the authentication process, because you must be in physical possession of the smart card to use the resources. Most smart cards also require the use of a PIN, just in case the card is lost or stolen.
Key fobs are security devices that display a randomly generated code used for authentication. This code automatically changes and is combined with your PIN for authentication.
- Something physically unique to you, such as your fingerprints or retinal pattern.
This type of authentication is referred to as biometrics. Biometric devices use physical characteristics to identify the user. To gain access to resources, you must pass a physical screening process.
- Basics of data sensitivity and data security
Security standards enable organizations to practice safe security techniques to minimize the number of successful security attacks. These guides provide general outlines as well as specific techniques for implementing security. For certain specific standards, security certification by an accredited body can be obtained.
Security classifications define the level of sensitivity or secrecy to a document, file, or record. Some common security classifications might include the following:
- Top secret: Highest degree of protection for information in which access should be extremely limited.
- Secret: Sensitive information whose unauthorized disclosure may result in serious damage or risk.
- Confidential: Any information in which unauthorized disclosure may compromise operations.
- Public: Information which is openly accessible to anyone.
- Social engineering
Social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and the process of using or manipulating people to gain access to unauthorized resources.