Security Dose - Basic Security Scenario and Terminologies!

Basic Security Terminology

Basic Security Terminology

In an ideal scenario, let’s say you build a small office network where employees come, work, and leave home after the day ends. In this scenario, you know everyone who is coming and what he is doing on the network and are aware that network resources are being used as per predefined guidelines. Do you know even in this ideal network, a user may decide to annoy someone by creating interference or viewing information that is not required for him to perform his job and is meant to be confidential?

In our example, we have seen a small simple network can also pose a threat. Now consider the environment where employees are everywhere (in the branch, at home, at the airport, at café, etc.), and applications or data reside across multiple data centers. For employee convenience, the company has provided them with corporate laptops and allowed their mobiles, and tablets to be used for application access. As the network grows beyond the physical location of the company, it is difficult for an organization to secure it. Securing a network needs a basic understanding of security terminology and this acritical is all about that.

Let’s start with an example of a room where treasure is stored. The owner has created a room with no doors and windows. This is the most secure scenario considering that the walls and roof cannot be penetrated. But it has a problem, it is very difficult to enter and exit from this room. So, the owner opens a space for installing a door. Now owner can easily get in and out of the room and inspect everything is secured.

As you can imagine anyone who has the key can open the door get inside the room and steal the treasure. So, this door has become a vulnerability. Vulnerability is a weakness that can compromise the security of critical assets.

If there is a vulnerability, there is always a way to exploit it. For instance, in our scenario, the door is the vulnerability and anything other than a key can be used as a tool to exploit it. I mean a thief can use a pry bar to open the locked door illegally.

Figure 1: A Vulnerability & tool to exploit it!

A pry bar alone is not going to open a locked door by itself. It needs an actor (attacker) who should have the intention to steal the treasure by opening the door illegally using a pry bar. Opening a door illegally is a threat that exists, and the one do conducts this act is the attacker/intruder.

In the IT world, there are valuable assets to the organization like networks, servers, workstations, information stored on servers, and applications running to provide information all have vulnerabilities. Security is all about identifying these vulnerabilities, assessing vulnerabilities and threats, and preventing threats. Mitigation techniques are used to prevent or counteract the illegal activity. 

Hope you find this informative!

 Continue Reading...