Confidentiality, Integrity & Availability Concerns | CompTIA IT Fundamentals FC0-U61 | 6.1

In this video you will learn about confidentiality, integrity and availability concerns.

Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization.  Confidentiality is a set of rules that limits access to information. Integrity is the assurance that the information is trustworthy and accurate. Availability is a guarantee of reliable access to the information by authorized people.

CIA Triad

Confidentiality Concerns

Regardless of what type of information an organization is responsible for generating, processing, and/or storing, the information needs to be kept confidential.  Here are the specific threats to confidentiality you need to know about.

Snooping

Snooping is unauthorized access to another person’s or company’s data.  The practice is similar to eavesdropping but is not necessarily limited to gaining access to data during its transmission.  Snooping can involve reading email over somebody’s shoulder or watching PINs or passwords being entered (a technique called ‘shoulder surfing’).  Unauthorized remote access programs can also be used for snooping. Some types of snooping use social engineering techniques to get the information desired.

How to combat snooping?  Stored data should be available only to those who need it.  However, intruders can use malware that installs keyloggers that capture login information to make it possible to impersonate a user who has access rights to the information you need to safeguard.  To prevent snooping, you need to make sure alleged users are who they claim to be (authentication) and have only the permissions needed for the information they work with. Training users to be wary of entering passwords and PINs when someone else is present and installing privacy screens on displays to make off-angle screen viewing impossible are also useful ways to minimize snooping.

Eavesdropping

Eavesdropping is an electronic attack where digital communications are intercepted by an individual for whom they are not intended. This is done in two main ways: directly listening to digital or analog voice communication, or the interception or sniffing of data relating to any form of communication. Thanks to mobile telephones, Voice over Internet Protocol (VoIP) computer messaging and telephony, and the hardware that makes these possible (microphones and webcams), many people no longer use traditional telephone service, so eavesdropping by picking up an extension receiver no longer works. However, that doesn't mean that they're protected from eavesdropping. A man-in-the-middle (MITM) attack is another form of eavesdropping. Malware can be used to turn on webcams and microphones on computers and mobile devices and transmit what is recorded to remote locations. VoIP phones have many potential vulnerabilities, including the following:

  • Use of default configurations when setting up VoIP systems:  If you don’t change the default passwords or other standard settings, an intruder can look up this information and use it to get access to your system.
  • Lack of encryption:  Most VoIP systems don’t use encryption, so if a call is intercepted, the information in the call can be captured and transmitted to unauthorized receivers.
  • Not using a session border controller (SBC) as part of your VoIP infrastructure:  An SBC provides encryption, stops malformed data packets (which can be used to carry malware), and blocks distributed denial of service (DDoS) attacks.

Hidden cameras and microphones, often called bugging devices, can transmit on any of several wireless frequencies.  To find these bugs, use bug detectors that detect traffic on common wireless frequencies. To prevent malware from recording and transmitting information without your knowledge, you can use tape and cardboard to cover up the webcam and built-in microphones on tablets and laptop computers or disconnect external webcams and microphones on desktop computers.

Wiretapping

Wiretapping, strictly defined, is the unauthorized listening to POTS (plain old telephone system) phone calls with extension phones or with recording devices in the phone.  Wiretapping is also defined as tapping into a network cable to record calls or steal data. Because POTS has been widely superseded by wireless and VoIP phone technologies, the definition has been extended to cover the secret recording or interception of these types of communications as well.  Wiretaps can be placed on traditional phones, can be implanted in voice network switches, and can’t be prevented. There are many types of devices and apps for smartphones that can be used to detect wiretaps. Voice scrambling devices are available for traditional and cell phones.

Social Engineering

Social engineering is the psychological manipulation of people into performing actions or divulging confidential information.  This differs from social engineering within social sciences, which does not concern the divulging of confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional “con” in that it is often one of many steps in a more complex fraud scheme.  Here are some examples of social engineering:

  • Pretexting:  Gaining users’ trust by claiming to be “from the IT department” or “the Internet provider” or “the phone company”, followed by asking the user to enter or provide the password to a system so the “tech” can make changes.
  • Phishing:  The fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising oneself as a trustworthy entity in an electronic communication.
  • Spear Phishing:  A form of phishing (fake email messages) that appears to come from another department in the company and requests information from a specific targeted individual or department.
  • Compromised Passwords:  Users who don’t change passwords after an IT technician or outside contractor tests their systems leave their systems vulnerable.

Training users to understand, detect, and reject social engineering and other types of deceit is essential to protecting important information.

Dumpster Diving

Dumpster diving refers to using various methods to get information about a technology user.  In general, dumpster diving involves searching through trash or garbage looking for something useful.  This is often done to uncover useful information that may help an individual get access to a particular network.  So while the term can literally refer to looking through trash, it is used more often in the context of any method (especially physical methods) by which a hacker might look for information about a computer network.

Hackers can learn a lot about a potential target by dumpster diving.  Even data that might not be considered confidential, such as department names, could be used for social engineering.  Using an on-site shredder or using a shredding service that collects material to shred in locked bins helps protect documents.  To prevent outdated data storage devices from being thrown away, make sure your organization has a well-defined electronics recycling policy that includes data destruction or physical device destruction.

Personally Identifiable Information (PII)

Personally identifiable information, such as the author of a document, contributors to a document, changes to a document, and more, is stored in many types of files, including Word, Excel, PowerPoint, OpenOffice, PDF, etc.  To protect privacy, this information should be removed before a file is distributed outside of an organization.

Integrity Concerns

Data integrity is defined as making sure that data is protected, accurate, and consistent over its life cycle.  Protecting data integrity is a key concern in the storage, processing, or retrieval of data. Here are some of the attacks on data integrity and confidentiality you should know about.

Man-in-the-Middle Attack (MITM)

A man-in-the-middle attack is where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other. This allows the MITM to pass misleading information to one or both sides of the connection or steal data.  MITM attack methods include email hijacking, Wi-Fi eavesdropping, and Internet session hijacking. MITM attacks can be stopped by implementing encryption and certificate-based authentication. Emails should be encrypted using S/MIME (Secure/Multipurpose Internet Mail Extensions).  S/MIME protects messages at their origins and destinations (at rest) and during transmission (in transit). Implement certificate-based authentication for all devices used by employees. A device without a certificate can’t connect to the network.

Replay Attack

A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. Contrast this with session hijacking, in which the original session is intercepted and analyzed. In a replay attack, the intent is to capture data such as banking or network logins and reuse it at a later time.  To stop replay attacks, websites can use login sessions that are secured with SSL or TLS, transmit randomized session tokens to anyone connecting for the first time and require their use in subsequent connections, or use timestamping and synchronization (a feature of Kerberos security).
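The following is an added example, not part of the original material. It shows the server-side check behind the randomized-token and timestamping defenses: each request carries a timestamp, a one-time random value (nonce), and an HMAC over both plus the body. The `ReplayGuard` class, the 300-second window, and the sample request are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MAX_SKEW = 300  # seconds a request stays acceptable (assumed policy value)


def sign(key: bytes, body: bytes, ts: int, nonce: str) -> str:
    """MAC that binds the body to its timestamp and nonce."""
    msg = f"{ts}.{nonce}.".encode() + body
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class ReplayGuard:
    """Server side: accepts each authentic request at most once."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # nonce -> timestamp, kept while inside the window

    def accept(self, body: bytes, ts: int, nonce: str, mac: str, now: int) -> str:
        if not hmac.compare_digest(sign(self.key, body, ts, nonce), mac):
            return "bad-mac"   # altered body, timestamp or nonce
        if abs(now - ts) > MAX_SKEW:
            return "stale"     # too old (or too far ahead) to trust
        # Nonces whose timestamp left the window can be forgotten safely:
        # a request carrying that timestamp is already rejected as stale.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        if nonce in self.seen:
            return "replayed"  # same valid request presented again
        self.seen[nonce] = ts
        return "ok"


def demo() -> list:
    key = secrets.token_bytes(32)
    guard = ReplayGuard(key)
    body = b"user=alice&action=login"  # constructed sample request
    ts, nonce = 1_700_000_000, secrets.token_hex(16)
    mac = sign(key, body, ts, nonce)
    return [
        guard.accept(body, ts, nonce, mac, now=ts + 2),      # original request
        guard.accept(body, ts, nonce, mac, now=ts + 10),     # captured copy re-sent
        guard.accept(body, ts, nonce, mac, now=ts + 3600),   # re-sent an hour later
        guard.accept(b"user=mallory&action=login", ts, nonce, mac, now=ts + 2),
    ]
```

The timestamp check is what lets the server discard old nonces, which is why timestamping depends on the synchronized clocks mentioned above.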

Impersonation

Impersonation is pretending to be someone else to deceive others.  Computer-based impersonation attacks can take these forms:

  • Executive impersonation is the use of fraudulent emails claiming to be from a company executive directing the sending of money in a nonreversible form (ACH or wire transfer) to an individual or company for an urgent and confidential need (merger or acquisition, legal issue).  An organization that does not have a dual-authorization system to approve the sending of large sums of money is vulnerable. This type of attack is also called “whaling”.
  • Impersonation can also refer to an attacker configuring a computer or device that will be used in the attack to use another user’s credentials to run a service or an app.  Impersonation is an abuse of a legitimate operating system feature. To protect against this type of impersonation, organizations need to keep user login information safe from discovery by unauthorized third parties.

Unauthorized Information Alteration

Unauthorized information alteration threatens the integrity of any process or outcome based on that information (accounts, vote totals, news stories, etc.). Information that is stored in a relational database management system (RDBMS) is safer than information stored in an app such as a spreadsheet program. When information is retrieved or altered, a database app is configured to log user records and what was changed and who changed it. However, if the same information is stored in a spreadsheet, a standard spreadsheet program (Excel, Quattro Pro, OpenOffice.org Calc, etc.) does not include an audit trail feature to track what is being changed or by whom.

Availability Concerns

Computer systems that are not available as needed can cause data loss, loss of business, and potential hazards to life and limb if emergency services are affected.  Here are some of the major causes of a lack of availability.

Denial of Service (DoS)

A denial-of-service (DoS) attack is a cyber attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the internet. A distributed denial of service (DDoS) attack uses multiple attackers. Multiple attackers are often computers that have been turned into a botnet by malware.  A botnet is any number of PCs or devices (bots) that are infected and controlled to carry out a DDoS attack on a targeted network or specific computer. DoS/DDoS attacks can take many forms, such as flooding target computers with data packets or running procedures that use up all available disk space or RAM.  To stop DoS/DDoS attacks originating from the computer itself, use up-to-date antivirus and anti-malware to block email messages that could infect the computer.

To stop a DoS or DDoS attack originating from outside the network, try to identify the attack as quickly as possible by looking for unexpected network traffic spikes. Adjusting router settings such as packet filters and flood drop thresholds for User Datagram Protocol (UDP) and other types of packets can provide a little margin, but if you need help, contact your ISP. If your organization uses a hosting company, contact your hosting company. There are a number of companies that provide DDoS mitigation services to help your company get back online quickly.
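The following is an added example, not part of the original material. It shows one way to flag unexpected traffic spikes: compare each per-minute packet count with the median of the recent normal minutes. The counts are constructed sample data, and the window, factor, and floor values are assumptions to tune for a real network.

```python
from statistics import median

# Constructed sample: inbound UDP packets per minute at the edge router.
SAMPLE_COUNTS = [1200, 1150, 1300, 1250, 1180, 1220, 9800, 15200, 14900, 1300, 1210]


def find_spikes(counts, window=5, factor=4.0, floor=100):
    """Return indexes of samples above factor x the recent median.

    window: how many earlier normal samples form the baseline.
    floor:  minimum baseline, so a quiet link does not alert on tiny bursts.
    """
    spikes = []
    baseline = []  # only samples judged normal are kept here
    for i, count in enumerate(counts):
        if len(baseline) >= window:
            base = max(median(baseline[-window:]), floor)
            if count > factor * base:
                spikes.append(i)
                continue  # keep flood traffic out of the baseline
        baseline.append(count)
    return spikes


def first_alert_minute(counts):
    """Minute index at which an operator would first be alerted, or None."""
    spikes = find_spikes(counts)
    return spikes[0] if spikes else None
```

Excluding flagged minutes from the baseline matters: otherwise a sustained flood raises the median and the later minutes of the same attack stop alerting.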

Power Outage

A power outage of more than a few milliseconds can cause unprotected devices to shut down, causing local and network computer errors and the potential for data loss due to disk corruption. However, battery backup units are available for servers and desktop PCs to help systems continue to run during brief power outages and to shut down properly when the battery approaches exhaustion. For longer-term operation during blackouts, use generators that use inverter technology to output computer-safe power.

Hardware Failure

Hardware failure in major computer subsystems such as RAM, motherboard, CPU, storage, cooling, and power supply leads to system shutdown, data loss, and possible data corruption. Poor-quality electricity, such as low voltage (brownouts), overvoltage (surges and spikes), and outlet miswiring (incorrect polarity or missing ground), can damage or destroy motherboard, drive, display, and add-on card components. To detect problems with miswiring, use an outlet tester or a surge suppressor with signal lights. A battery backup unit (commonly called a UPS, or uninterruptible power supply) with integrated surge suppression can help with voltage problems.

Overheating is a major cause of hardware failure. Preventive maintenance such as keeping air intakes clean, replacing fans that spin too slowly or stop working, and removing surface dust from RAM and motherboards can help stop overheating. Some motherboards include apps that display fan speeds during normal computer operations by reading information that is sent to the system BIOS. Third-party monitoring apps are also available. The Open Hardware Monitor is an open-source utility that works in Windows and Linux. The Fanny Widget provides fan speed and CPU temperature monitoring for macOS.

Power supplies become less efficient with age and can fail with little or no warning.  If a desktop computer is kept in service for more than five years, the power supply should be replaced at the five-year mark or if voltage testing reveals problems.  You can check power supply voltage from the BIOS system monitor or PC Health dialog at system startup.

Redundant array of independent disks (RAID) arrays that use RAID 1, RAID 10, or RAID 5 designs provide protection against drive failure (RAID 0 improves performance but does not protect against drive failure).  RAID is not a substitute for backups, as data changes (erasure or writing) affect the contents of all drives, but in the event of a drive failure, the contents of the lost drive can be reconstructed from the other drives in the array.

Most hardware failures are due to component wear, electrical problems, or overheating, but deliberate hardware failure can be caused by malware that targets drives or firmware.  For example, a variation of DoS known as permanent denial of service replaces legitimate firmware on the targeted device with corrupt firmware, rendering the device useless.

Destruction

The ultimate prevention of device availability is device destruction.  Destroying storage devices by smashing hard disk platters, flash memory or SSD chips, or optical discs is a legitimate method for preventing the unauthorized reuse of data when storage has been withdrawn from service.  However, if the devices are in use and there are no backups, storage destruction equals data destruction. Data destruction can take place in other ways besides device destruction. Formatting data storage devices can lead to data destruction if an unconditional format is combined with repeated random data overwriting.  Ransomware that encrypts a hard disk unless a ransom is paid in the time limit required is another type of data destruction. The WannaCry ransomware outbreak affected over 75,000 systems in 99 countries in 2017. To prevent both physical and data destruction threats, a combination of physical and software security is needed.  Effective physical security to prevent unauthorized access to primary and backup storage helps avert physical destruction, whereas the use of backups and antimalware helps prevent data destruction.

Service Outage

Service outages can be caused by any of the topics discussed in the preceding sections.  The faster you can isolate, respond to, and recover from a service outage, the better for you and your customers.