Principles of Network Security
Network security involves around three key principles of confidentiality, integrity and availability. Depending upon the application and context, one of these principles might be more important than the others. For example, a government agency would encrypt an electronically transmitted classified document to prevent an unauthorized person form reading its contents. Thus, confidentiality of the information is paramount. If an individual succeeds in breaking the encryption cipher and then, retransmits a modified encrypted version, the integrity of the message is compromised. On the other hand, an organization such as Amazon.com would be severely damaged if its network were out of commission for an extended period of time. Thus, availability is a key concern of such e-commerce companies.
Confidentiality is concerned with preventing unauthorized disclosure of sensitive information. This disclosure could be intentional, such as breaking a cipher and reading the information, or it could be unintentional due to the carelessness or incompetence of individuals handling the information.
There are three goals of integrity.
Preventing the modification of information by unauthorized users
Preventing the unauthorized or unintentional modification of information by unauthorized users
Preserving the internal and external consistency
Internal consistency: Ensures that internal data is consistent. For example, in an organizational database, the total number of items owned by an organization must be equal to the sum of the same items shown in the database as being held by each element of the organization.
External Consistency: Ensures that the data stored in the database is consistent with the real world. Relative to the above example, the total number of items physically sitting on the shelf must equal the total number of items indicated by the database.
Availability assures that a system’s authorized users have timely and uninterrupted access to the information in the system and to the network.
Other important terms include:
Identification: The act of a user professing an identity to the system, such as login ID
Authentication: Verification that the user’s claimed identity is valid, such as through the use of password.
Accountability: Determination of the actions and behavior of a single individual within a system and holding the individual responsible for his/her actions.
Authorization: The privileges allocated to an individual or process that enable access to a computer resource.
For more details you can visit our website at http://www.helpwithassignment.com/IT_Security_Assignment_Helpand http://www.helpwiththesis.com