Security from the ground up & controlling a computer responses
Provide (2) 200 words response with a minimum of 1 APA references for RESPONSES 1 AND 2 below. Response provided should further discuss the subject or provide more insight. To further understand the response, below is the discussion post that’s discusses the responses. 100% original work and not plagiarized. Must meet deadline.
Describe the three security properties of information. So, as with every IT security course I have taken in my time in this concentration, there is the one consistent fact, the three security properties, or tenets, or pillars, whatever they choose to describe them as. These three tenets are confidentiality, integrity and availability. They work together to form fundamental security requirements of information systems. Confidentiality ensures that things remain confidential and only personnel with need to know can access it. Integrity ensures that the data is not modified or deleted by unauthorized users. Availability endures that it is accessible, whether through local connection or online, the authorized user should be able to access what they need, when the need it.
What is the difference between requirements and controls in the security process? Reading between the lines and using this week’s textbook reading, my interpretation of requirement is the identification of a necessary rules based on the organization’s goals and acceptable risks. The controls are the actual barriers, and gates if you will, that enforce these rules within the system (Smith, 2016).
Lastly, the idea that a buffer overflow attack is designed to overwhelm, and at times, crash a system. It is set to run against multiple applications and software designed to spoof it into thinking it has a legitimate claim on you, or more specifically your software, and ends up with an obvious case of denial of service (OWASP, n.d). In fact, these days, denial-of-service is the tough sell as technology advances and we do not.
Anyway, enough of that, enjoy your weekend.
OWASP. (n.d.). Buffer overflow. Retrieved February 03, 2021, from https://owasp.org/www-community/vulnerabilities/Buffer_Overflow
Smith, R. E. (2016). Elementary information security, 2nd edition. Subury, MA: Jones & Bartlett Learning. Retrieved on February 03, 2021, from https://learning-oreilly-com.ezproxy2.apus.edu/library/view/elementary-information-security/9781284055931/05_chapter1.xhtml
The three security properties of information are Confidentiality, Integrity, and Availability (CIA). Confidentiality covers the practice of protecting information from any unauthorized disclosures. Confidentiality keeps all private information private and only accessible to those who have the appropriate authorization. The principle of Integrity is to ensure that the data provided is trusted and accurate from any unauthorized change. Finally, availability is the process in which there is solid flow of data and communication and its accessibility. Availability ensures that data can be quickly accessed when it is needed (Burnette, 2020).
The difference between requirements versus control, is that requirements are necessary security needs identified through a risk assessment, and controls are the procedures put into place to ensure those requirements are met and are continued to be met. For instance, if an individual’s business is reliant on specific software and spreadsheets, the requirement might be to always have accessibility. The control would be to incorporate appropriate back up procedures via a physical hard drive or through a cloud server (Smith, 2016).
Attackers can take over a computer via buffer overflow by overwriting memory with string of commands forcing the computer memory to overwrite data in the nearby RAM, with over nefarious executable commands. There are two predominate styles of buffer overflow attacks: stack overflow and heap overflow. Stack overflow is similar to the Morris Worm, where it attacks the memory stack and affects the local variables and return addresses. Heap overflow corrupt the heap memory and can affect global variables as well as program data (Li, 2019)
Burnette, M. (2020, July 24). Three Tenets of Information Security. Retrieved from LBMC: https://www.lbmc.com/blog/three-tenets-of-information-security/#:~:text=The%20fundamental%20principles%20(tenets)%20of,are%20called%20the%20CIA%20Triad.
Li, V. (2019, October 13). Binary Exploitation: Buffer Overflows. Retrieved from Noteworth – The Journal Blog: https://blog.usejournal.com/binary-exploitation-buffer-overflows-a9dc63e8b546
Smith, R. E. (2016). Chapter 1: Security From The Ground Up. In R. E. Smith, Elementary Information Security 2nd Ed. (p. 4). Burlington: Jones & Bartlett, LLC.