401d8 read06 - carlosjorr/reading-notes GitHub Wiki

Data file encryption

You have been made responsible for the company’s file server. How would you preserve the three elements of the CIA triad?

Confidentiality: To preserve confidentiality, implement access controls and encryption. Ensure that only authorized individuals can access sensitive files by using strong passwords, access permissions, and user authentication methods like two-factor authentication. Additionally, encrypting the files or data means converting them into a secure and unreadable format, making it difficult for unauthorized users to decipher the information.

Integrity: To maintain data integrity, employ hashing techniques. Hashing is like creating a unique digital fingerprint for each file or piece of data. A hash function takes the file's contents and produces a fixed-length string of characters, known as a hash value or checksum. Even a slight change in the file's content will result in a completely different hash value. By regularly calculating and comparing the hash values, you can detect if any unauthorized modifications have occurred. If the hash values don't match, it indicates that the file's integrity has been compromised.

Non-technical explanation of hashing and data integrity: Think of hashing as a way to check if a file has been tampered with. Imagine you have a special stamp that can create a unique mark for each document. Whenever you want to verify the integrity of a document, you use this stamp to create its unique mark. If someone changes even a single word in the document, the mark created by the stamp will be completely different. By comparing the original mark with the new mark, you can easily tell if the document has been altered.

Availability: To ensure availability, implement backup systems and disaster recovery plans. Regularly back up your files and store them securely, either in physical or cloud-based storage. This way, if the file server experiences hardware failures, accidental deletions, or other incidents, you can restore the data and maintain its availability. Having a well-defined disaster recovery plan helps to minimize downtime and quickly restore services in case of disruptions.

Explain how hashing verifies data integrity using non-technical terms.

Imagine you have a special stamp that creates a unique mark for each document. This mark represents the content of the document in a compact way. Let's call this stamp a "hash stamp." Now, whenever you want to verify the integrity of a document, you use this hash stamp to create its unique mark.

How is hashing and encryption different?

Hashing: Hashing is a one-way process used to verify data integrity. It takes any input (such as a file, message, or password) and applies a mathematical algorithm to produce a unique hash value. The key point is that hashing is irreversible, meaning you cannot retrieve the original input from the hash value alone. Its primary purpose is to ensure data hasn't been tampered with by comparing the hash values before and after any transmission or storage.

Encryption: Encryption is a two-way process that focuses on data confidentiality. It transforms data into an unreadable form, known as ciphertext, using an encryption algorithm and a key. The ciphertext can be decrypted back into the original data using the corresponding decryption algorithm and key. Encryption protects data from unauthorized access, ensuring that only authorized parties with the decryption key can decipher and understand the information.