Sunday , 23 October 2016

An introduction to information security

An-introduction-to-information-securityAn introduction to information security :-

“The practices of ensuring information is only read , heard, changed, modified, broadcast and otherwise used by those people who having write to do ”  is called — Information Security.

Three primary goals of Information Security is :-

  • Confidentiality ( Keep data private )
  • Integrity ( Ensure that data has not been modified in transit )
  • Availability ( Data accessibility )


Confidentiality :-


 There are two types  of data:- data in motion as it moves across the network; and data at rest, when data is sitting on storage  media (server, local workstation, in the cloud,  and so forth). Confidentiality means that only the authorized individuals/systems can view sensitive or classified information. This also implies that unauthorized individuals should  not have any type  of access to the data. Regarding  data in motion, the primary way to protect that data is to encrypt it before sending it over the network. Another option you can use with encryption is to use separate  networks for the transmission of confidential data. Several chapters in this book  focus  on these two concepts.



 Integrity for data means that changes made to data are done  only by authorized individuals/systems. Corruption of data is a failure to maintain data integrity.


This applies to systems and to data. If the network or its data is not available to authorized users—perhaps because  of a denial-of-service (DoS) attack or maybe  because  of a general network failure—the impact may be significant  to companies and users who rely on that network as a business tool.  The failure of a network generally equates  to loss of revenue.

My main intention to write this article to define my visitors about basic introduction about information security and basic terms used in information security. In my future articles i am going to write about more on information security that’s why it,s important for my visitors to know about basic information security terms. :-)

Vulnerability :-

A Weakness which allows an attacker to break into / compromise a system’s security.Vulnerabilities can be found in protocols, operating systems, applications, and system designs.

Also Check :- 

                          How to use Vega Web Vulnerability Scanner in Kali Linux

                          Free Online Vulnerability Scan with Qualys FreeScan

                          Find-out Vulnerable Website with Vulnerable Site Finder Tool

Exploit :- Code which allows an attacker to take advantage of a vulnerable system.

Also check :- How to use Searchsploit On Kali Linux

Payload :- Actual code which runs on the system after exploitation

Countermeasure :-

A countermeasure or mitigation is a device or process ( a safeguard) that is implemented to counteract a potential threat, which thus  reduces risk.

Threat :-

A threat is anything that attempts to gain unauthorized access to, compromise, destroy, or damage an asset. Threats are often realized via an attack or exploit that takes advantage of an existing vulnerability.

Defense in Depth :-

This concept suggests that you have security implemented on nearly every point of your network. An example is filtering at a perimeter router, filtering again at a firewall, using IPSs to analyze traffic before it reaches your servers, and using host-based security precautions at the servers, as well. This is defense in depth. Using authentication and authorization mechanisms could also be part of a defense-in-depth approach.

The concept behind defense in depth is that if a single system fails, it does not mean that security has completely been removed from the equation.

Botnet :- A botnet is a collection of infected computers that are ready to take instructions from the attacker.

Check Also :- Find Out if Your Computer is Infected with a Bot

DoS and DDOS :-

Denial-of-service attack and distributed denial-of-service attack. An example is using a botnet to attack a target system. If an attack is launched from a single device with the intent to cause damage to an asset, the attack could be considered a DoS attempt, as opposed to a DDoS. Both types of attacks want the same result, and it just depends on how many source machines are used in the attack as to whether it is called a DoS or DDoS.

Also Check :-

                       How to Perform a DOS attack on Windows 7

                       What is Smurf DOS Attack and How to do it with BackTrack 5R3

                       How to Perform a DOS attack on a Website (LOIC Tool)

                      Perform DDOS Attack with Hping Command

                       DDOS Attack Taxanomy

Man-in-the-Middle attack :- 

A man-in-the-middle attack results when attackers place themselves in line between two devices that are communicating, with the intent to perform reconnaissance or to manipulate the data as it moves between them. The main purpose is eavesdropping, so the attacker can see all the traffic.

Also Check :- How To do Man in Middle Attack using Ettercap in Kali Linux

This one is really big topic to write.

Hope you like my post.An introduction to information security. Please Share with others.

Also Check :-

An Introduction to IPSec Protocol

How to Use Wireshark to Capture, Filter and Inspect Packets

Getting started with Hping3

Nmap – Free Security Scanner For Network Exploration and Hacking

What is Transmission Control Protocol (TCP )

What is differences between TCP and UDP

Use Facebook to Comment on this Post

About Syed Balal Rumy

A 27 year Tech Geek and a blogger from India ( Bihar ) , live in New Delhi. I am MCITP , CEHv8 , CCNA , CCNA Security , CCNP Security , Security + and CCSA certified. Loves to write tech articles based on my real experiences.

Powered by