OPS 401 Class 06 - MackD51/CyberReadingNotes GitHub Wiki

Applying the CIA Triad & What Are MD5, SHA-1, and SHA-256 Hashes

  1. You have been made responsible for the company’s file server. How would you preserve the three elements of the CIA triad?

To preserve confidentiality, I would implement strong access control so that only authorized users can reach sensitive or confidential files, granting each user the least privilege they need. In addition, I would encrypt sensitive files stored on the file server and use secure protocols for data transfer: TLS (the current name for what was called SSL, used by FTPS and HTTPS) or SSH (used by SFTP) for data-in-transit encryption, and OpenPGP for data-at-rest encryption. Finally, I would require two-factor authentication before granting access to any confidential information.

To preserve integrity, I would use hash functions and digital signatures so that users can tell whether a file has been tampered with. A published hash by itself only catches accidental corruption, because an attacker who can replace the file can usually replace the published hash as well; a digital signature (or an HMAC computed with a secret key) ties the hash to a key the attacker does not hold.

To preserve availability, I would set up one or more failover servers as a backup for the primary server, and run two or more active servers behind a load balancer so that the service stays up even when one server goes down. Regular, tested backups cover the case where the data itself is lost rather than the server.

  2. Explain how hashing verifies data integrity using non-technical terms.

Hashing is an operation that takes data of any size (a file, a message, a password) as input and turns it into a fixed-length string of characters (called a hash or digest) that looks random. Even a tiny change in the original data produces a completely different hash, and the hash cannot be turned back into the original data. To verify data integrity, we compute the hash of our downloaded file/software and check that it is the same hash value that was provided by its creator; if the two match, we have the same file the creator hashed. MD5 and SHA-1 hashes are still published for this purpose, but both are no longer considered safe against deliberately crafted collisions, so SHA-256 should be preferred when it is offered.
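The following is an added example, not code from the wiki page or the articles it summarizes. It shows both points above in working Python using only the standard library: a downloaded file is verified against a published SHA-256 digest, a one-byte change breaks the match, and (for the integrity answer earlier on the page) a plain hash is shown to be useless when the attacker replaces the hash too, whereas an HMAC under a secret key still catches the change. The "installer" contents, the tampered copy and the key are all constructed for the example.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed sample data: the file as the publisher shipped it, and the same
# file after an attacker changed a single byte (the version digit) in transit.
ORIGINAL = b"#!/bin/sh\necho 'installer v1.0'\n"
TAMPERED = b"#!/bin/sh\necho 'installer v1.1'\n"

# Hypothetical secret shared only between publisher and verifier (not on the page).
SECRET_KEY = b"example-shared-secret-do-not-reuse"


def digest_bytes(data, algorithm="sha256"):
    """Hex digest of an in-memory byte string with the named hashlib algorithm."""
    return hashlib.new(algorithm, data).hexdigest()


def file_digest(path, algorithm="sha256", chunk_size=64 * 1024):
    """Hash a file in chunks so a multi-GB download never has to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, published_hex, algorithm="sha256"):
    """True if the file's digest equals the digest the publisher posted.

    compare_digest is used so the comparison takes the same time whether the
    strings differ in the first character or the last.
    """
    actual = file_digest(path, algorithm)
    return hmac.compare_digest(actual.lower(), published_hex.strip().lower())


def hmac_tag(data, key):
    """Keyed hash (HMAC-SHA256); cannot be recomputed without the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(data, key, tag):
    return hmac.compare_digest(hmac_tag(data, key), tag)


def demo():
    """Run the scenario on temporary files and return the outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "installer.sh")
        bad = os.path.join(d, "installer_tampered.sh")
        with open(good, "wb") as f:
            f.write(ORIGINAL)
        with open(bad, "wb") as f:
            f.write(TAMPERED)

        # What the publisher posts next to the download link.
        published = file_digest(good)
        results["published_sha256"] = published

        # Genuine file matches; the one-byte change does not.
        results["original_ok"] = verify_download(good, published)
        results["tampered_ok"] = verify_download(bad, published)

        # If the attacker also swapped the posted hash for the hash of the
        # tampered file, a plain hash check is happily fooled.
        attacker_hash = file_digest(bad)
        results["tampered_with_replaced_hash"] = verify_download(bad, attacker_hash)

        # An HMAC (or a digital signature) needs a key the attacker lacks, so
        # the attacker can replace the file but not produce a valid tag for it.
        tag = hmac_tag(ORIGINAL, SECRET_KEY)
        results["hmac_original_ok"] = verify_hmac(ORIGINAL, SECRET_KEY, tag)
        results["hmac_tampered_ok"] = verify_hmac(TAMPERED, SECRET_KEY, tag)

        # Older algorithms still appear on download pages; note the lengths.
        results["md5"] = file_digest(good, "md5")      # 32 hex chars
        results["sha1"] = file_digest(good, "sha1")    # 40 hex chars
        results["sha256"] = published                  # 64 hex chars
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

On a real download you would paste the digest from the vendor's page into `verify_download`; the key-based check models what a signature on a release gives you, namely that the person who produced the tag also held the key.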

  3. How are hashing and encryption different?

Hashing is a one-way process used to verify data integrity: there is no key, and the original input cannot be recovered ("de-hashed") from the hash. Encryption, on the other hand, converts data into an unreadable format in a way that is meant to be reversed: only parties holding the right key can decrypt the data and read the original.

References

- https://www.howtogeek.com/67241/htg-explains-what-are-md5-sha-1-hashes-and-how-do-i-check-them/
- https://www.jscape.com/blog/implementing-the-cia-triad-when-transferring-files-through-the-internet