Security Dose - Basic Security Scenario and Terminologies!
Basic Security Terminology
In an ideal scenario, let’s say you build a small office network where
employees come, work, and leave home after the day ends. In this scenario,
you know everyone who is coming and what he is doing on the network and are aware
that network resources are being used as per predefined guidelines. Do you know
even in this ideal network, a user may decide to annoy someone by creating interference
or viewing information that is not required for him to perform his job and is meant
to be confidential?
In our example, we have seen a small simple network can also
pose a threat. Now consider the environment where employees are everywhere (in the
branch, at home, at the airport, at café, etc.), and applications or data reside
across multiple data centers. For employee convenience, the company has
provided them with corporate laptops and allowed their mobiles, and tablets to be
used for application access. As the network grows beyond the physical location
of the company, it is difficult for an organization to secure it. Securing a
network needs a basic understanding of security terminology and this acritical is
all about that.
Let’s start with an example of a room where treasure is
stored. The owner has created a room with no doors and windows. This is the most
secure scenario considering that the walls and roof cannot be penetrated. But
it has a problem, it is very difficult to enter and exit from this room. So, the
owner opens a space for installing a door. Now owner can easily get in and out of
the room and inspect everything is secured.
As you can imagine anyone who has the key can open the door get
inside the room and steal the treasure. So, this door has become a vulnerability.
Vulnerability is a weakness that can compromise the security of critical assets.
If there is a vulnerability, there is always a way to exploit
it. For instance, in our scenario, the door is the vulnerability and anything
other than a key can be used as a tool to exploit it. I mean a thief can use a pry
bar to open the locked door illegally.
Figure 1: A Vulnerability & tool to exploit it!
A pry bar alone is not going to open a locked door by
itself. It needs an actor (attacker) who should have the intention to steal the
treasure by opening the door illegally using a pry bar. Opening a door
illegally is a threat that exists, and the one do conducts this act is the
attacker/intruder.
In the IT world, there are valuable assets to the
organization like networks, servers, workstations, information stored on
servers, and applications running to provide information all have
vulnerabilities. Security is all about identifying these vulnerabilities,
assessing vulnerabilities and threats, and preventing threats. Mitigation
techniques are used to prevent or counteract the illegal activity.
Hope you find this informative!