Follow us on Twitter!
Ideas are far more powerful than guns.
Wednesday, April 23, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 33
Guests Online: 26
Members Online: 7

Registered Members: 82881
Newest Member: DARKLECTER
Latest Articles

The CIA Triad

Arrow Image The CIA Triad, also know as "The security functionality triangle" is like a fire triange for web security.



The fire triangle is a a triangle of requirements for fire to exist or continue. The sides of this triangle are. Oxygen, heat and fuel. For instance if there is not enough heat in an area then the fuel cannot reach its ignition temperature and a fire cannot start. Equally so if there is no oxygen then combusion cannot take place.

This model is used to teach pupils at schools how to stop fires in their homes and to teach firefighters how to extinguish fires.

There is a similar model in web security called, "The CIA Triad". Properly it should be refered to as "The C.I.A. Triad" because CIA is an acronym in it. They stand for the 3 parts of the triangle. These are;

Confidentiality
Integrity
Availability

Without these three parts then the security of a system is breeched.

To start with I am going to expain confidentiality.

Confidentiality is making sure that the data on a system is only visible to people with the correct access rights. This area is the area which is most obvious to computer users. i.e. Having a password to logon to a computer etc. There are many ways of protecting this such as encyption.

This can be comprimised in many way, for instance in web application there is SQL Injection to get data without authorisation from a database and with networks there is packet sniffing.

The next word in the acronym is intergrity.

This is making sure that the data recieved is the data which the sender was ment to send. For instance, in web applications a website which logs refers say relies on the fact that the refer is the real refer and not one which has been spoofed to cause damage to the website. *cough* system_meltdown's HoF for Real 8 *cough*. There is also the more basic threat that the data has been destroyed in transmittion, ie Packet Loss.

The final word in the acronym is Availability.

This requires that the resources for the system are avaliable for use. This means that the computer can process data at a speed that can maintain the system.

This means that the obvious problem will be DoSing of systems.

To summarise.
For a system to be secure all data must not be visible to authorised subjects that all data is unaltered malicously and that the system is still functioning normally.

Comments

BluMooseon August 03 2006 - 13:59:40
Interesting concept Wink
system_meltdownon August 03 2006 - 20:38:57
Nice article, I get mentioned xD hehehe
H-oLm35on August 04 2006 - 01:12:32
wowch big article!
The_Cellon August 05 2006 - 11:17:36
Nice. It gives the people a good lead for securing their apps Wink Nice job!
knutraineron August 05 2006 - 20:30:45
What the hell
Post Comment

Sorry.

You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.