baqai
SENIOR MEMBER
- Joined
- Sep 28, 2006
- Messages
- 2,830
- Reaction score
- 4
- Country
- Location
Hello everyone, I am a I.T consultant having worked for over 14 years in different aspect of Information Technology, Have had a chance to work in the fascinating field of information security and noticing the lack of knowledge on the subject decided to do a small writeup on different terms and meanings so that a layman can understand them and can help secure their digital life.
Keep this in mind that following is NOT text book definitions, these are terms explanations deliberately made easy to make you understand the concepts, so kindly don't come up with "OOOOOO BUT GOOGLE SAYS THIS"
What is security? well any Info Sec person will tell you that Security is APAIN, Well yes it IS A PAIN but this also happens to be the abbreviation for 5 pillars of security, we will discuss them in some details
Authentication
Authentication means to establish your credentials and to prove who you are, this can be done in form of B-Form, NIC Card, License or other valid identity issued by Issuing Authority (in this case Govt)
Privacy
It means that conversation or exchange of ideas or words between two entities or people should remain private and third person is not able to understand, the most common thing we observe around in our surrounding is people trying to eavesdrop in your conversation for gossip, in cyber world this can be achieved via different methods like key loggers, man in the middle attack etc
Authorization
Authorization is often mixed with Authentication and creates confusion, they are both way different terms, while Authentication is establishing your credentials Authorization is based upon that authentication, that means that if a person XYZ is GM in a company upon authentication and establishing his/her credentials he is given certain authority which can be in form of access levels, access to certain part of building, access to some sensitive files etc. So first a user establishes their credentials using authentication and based upon that they are authorized access.
Integrity
Integrity means that a message should remain the same from one person to another and contents of the message are not distorted in any way, it may sound impossible but a simple experiment of Chinese Whispers will reveal how easy it is for a message to get distorted, how does it translates in cyber world? Well the most common attack is man in the middle attack, in this a black-hat would target a non-secure communication channel, reads packets in real time and change their content, so Mr ABC sending an email to Mr XYZ telling him to release payment of Rs 1000/- can be interception and a simple “0” can be added to make the same payment of Rs 10000/- it may sound science fiction but around 10 years back in a major bank’s conference room with their president and all top brass sitting a demo was given using their own email systems and contents were changed in real time, if that was done 10 years back you can very well imagine how much we must have progressed by now.
Non Repudiation
It means something can be proven in the court of law, in Pakistan it’s a niche subject and as per ET2002 digitally signed emails and contents have the same validity as a physically signed document.
Now lets come to Authentication, there are different kind of authentication, most common are single, two and three factor authentication which you already used in your daily life without even realizing.
Single Factor Authentication
Something you have e.g. NIC card is the most simple way of authenticating yourself.
Two Factor Authentication
Adding another layer to security, it means something you have and something you know e.g. ATM Machine, you have a ATM card and you know the pin code
Three Factor Authentication
Something you have, something you know and something you ARE, bio metrics being the third added layer of authentication
I will keep on adding to the subject once i have time, others please feel free to contribute.
@Dubious @MUSTAKSHAF @ps3linux @NA71 @R Wing @Sully3 @zulu
Keep this in mind that following is NOT text book definitions, these are terms explanations deliberately made easy to make you understand the concepts, so kindly don't come up with "OOOOOO BUT GOOGLE SAYS THIS"
What is security? well any Info Sec person will tell you that Security is APAIN, Well yes it IS A PAIN but this also happens to be the abbreviation for 5 pillars of security, we will discuss them in some details
- A = Authentication
- P = Privacy
- A = Authorization
- I = Integrity
- N = Non Repudiation
Authentication
Authentication means to establish your credentials and to prove who you are, this can be done in form of B-Form, NIC Card, License or other valid identity issued by Issuing Authority (in this case Govt)
Privacy
It means that conversation or exchange of ideas or words between two entities or people should remain private and third person is not able to understand, the most common thing we observe around in our surrounding is people trying to eavesdrop in your conversation for gossip, in cyber world this can be achieved via different methods like key loggers, man in the middle attack etc
Authorization
Authorization is often mixed with Authentication and creates confusion, they are both way different terms, while Authentication is establishing your credentials Authorization is based upon that authentication, that means that if a person XYZ is GM in a company upon authentication and establishing his/her credentials he is given certain authority which can be in form of access levels, access to certain part of building, access to some sensitive files etc. So first a user establishes their credentials using authentication and based upon that they are authorized access.
Integrity
Integrity means that a message should remain the same from one person to another and contents of the message are not distorted in any way, it may sound impossible but a simple experiment of Chinese Whispers will reveal how easy it is for a message to get distorted, how does it translates in cyber world? Well the most common attack is man in the middle attack, in this a black-hat would target a non-secure communication channel, reads packets in real time and change their content, so Mr ABC sending an email to Mr XYZ telling him to release payment of Rs 1000/- can be interception and a simple “0” can be added to make the same payment of Rs 10000/- it may sound science fiction but around 10 years back in a major bank’s conference room with their president and all top brass sitting a demo was given using their own email systems and contents were changed in real time, if that was done 10 years back you can very well imagine how much we must have progressed by now.
Non Repudiation
It means something can be proven in the court of law, in Pakistan it’s a niche subject and as per ET2002 digitally signed emails and contents have the same validity as a physically signed document.
Now lets come to Authentication, there are different kind of authentication, most common are single, two and three factor authentication which you already used in your daily life without even realizing.
Single Factor Authentication
Something you have e.g. NIC card is the most simple way of authenticating yourself.
Two Factor Authentication
Adding another layer to security, it means something you have and something you know e.g. ATM Machine, you have a ATM card and you know the pin code
Three Factor Authentication
Something you have, something you know and something you ARE, bio metrics being the third added layer of authentication
I will keep on adding to the subject once i have time, others please feel free to contribute.
@Dubious @MUSTAKSHAF @ps3linux @NA71 @R Wing @Sully3 @zulu
