Computer Security Series - Part 1 - Basic Terminology

By Raaz -

 Security Series

Part 1

Hello Everyone, I am starting a security series. At this moment I don't have much information where we would be landing.

Lets just get started!!!

In this post I am coming up with security terminology and their definition, this is complete theory so you can also read in your mobile.

Secure environment is a combination of people, process and tools( 3 tiers of security). All these 3 entities must work together and play vital role to have a secure environment.

Process: Have standards to apply security at everything we do.

Tools: find and fix problems to have the most secure offering at the end of the day

Attacker: An Adversary seeking to exploit potential vulnerabilities of a system.

Application Security: Measures taken to improve the security of a an application by finding, fixing and preventing security problems.

Software security: Engineering software so that it continues to function correctly under malicious attack.

Threat: Possible danger that might breach security and cause harm.

Risk: the possibility of a negative or undesirable occurrence.

Attack Surface: The interface an attacker could use to attempt to compromise a product or system.

Builders - Breakers - Defenders


Builder is a developer who builds something and must make sure that the build is secure by leveraging right tools, techniques and processes to ensure whatever they are creating is secure.

Breakers: People looking at the build and then trying to break into it.

Defenders: look at the overall system and secure it to prevent bad actors from getting in and doing something to the system

Employing a common vocabulary encourages effective security communication within the organization.

   CIA Triad - Foundational building blocks of application security

 
- Confidentiality : Information is protected from unauthorized disclosure. Nobody should be looking at or reading the information they shouldn't have access to if we have confidentiality.

- Integrity: The assurance that information is trustworthy accurate and has not been modified.

- Availability: A guarantee of reliable access to information by authorized people
 



Comments

Post a Comment

Popular posts from this blog

grep: unknown device method

By Raaz -
Today while using grep command via rundeck I was through grep: unknown device method  error. And the reason is due to I am having ' - ' in my search pattern I was through this error. I mean search includes grep "-search.this" /path/to/file Then you may get error with grep. So remove ' - ' in pattern and repeat your search. grep "search.this" /path/to/file Hope that helps.
Read more

Uploading files to FTP/SFTP using CURL

By Raaz -
Hello, Today I am writing below article which can help you to upload files to SFTP/FTP by using CURL. Ok why we need that ? Let me tell explain!! How we login into SFTP/FTP ? [root@virt03 test]# sftp 192.168.56.110 Connecting to 192.168.56.110... root@192.168.56.110's password: sftp> ls anaconda-ks.cfg       nodes                 post-install          post-install.log sftp> exit and uploading files with put command. Its a lengthy way. So recently I have gone through few articles and with some R&D I have modified it as script and command-line argument support.So you can call the script with filename as argument.  So Lets do this!!! Command 1 : This is for uploading a single to SFTP/FTP by using CURL.  SFTP curl -k  -u virt03:virt03 -T file4  sftp://192.168.56.110/home/virt03/ Syntax :  curl -k  -u username:password -T filename sftp://IP_Addreess OR Hostname:/path/to/upload  FTP curl -k  -u virt03:virt03 -T f
Read more

How to find outgoing IP in Linux ?

By -
Here is a small snippet to find outgoing IP of your Linux box. 1. To find the outgoing internal IP only         # ip route get 8.8.8.8 | head -1 | gawk '{ print $7 }' 2. To find the outgoing internal IP along with interface.   # ip route get 8.8.8.8 | head -1 | gawk '{ print $5,$7 }' 3. In-case if your system is connected to Internet, to find the outgoing external IP   # curl ifconfig.me Note:   In case if your system having public IP assigned then there is no difference between outgoing internal IP and external IP (both are same).
Read more