CIA Triad: Confidentiality, Integrity & Availability

INFOSEC BASICS

Jayesh

3/31/2024, 3 min read

Confidentiality

As per NIST, confidentiality refers to the aspect of information security in which "data or information is not made available or disclosed to unauthorised individuals, entities, or processes." This means that sensitive information has to be protected from unauthorised access, disclosure, alteration, or destruction.

Confidentiality countermeasures are implemented through various security controls, such as encryption, access controls, authentication procedures, data classification, etc.

Attacks against confidentiality:

1. Intentional attacks: Data breaches, phishing attempts, malware, and physical security attacks.

2. Unintentional attacks: Sometimes a confidentiality violation is not the work of an attacker at all but the result of human error, oversight, or incompetence.

Countermeasures implemented should cover all nuances of confidentiality.

Ideally, we want to implement controls that have the best combination of all 3 aspects of the CIA Triad.

Remember, too much confidentiality will result in a loss of availability.

Integrity

As per NIST, "Integrity is the quality of data being accurate, consistent, and trustworthy over its entire lifecycle. It ensures that data remains unaltered and retains its intended state, preventing unauthorized modifications, deletions, or additions."

At its core, integrity refers to the assurance that information remains intact and unaltered from its original state. This assurance extends to both data at rest and data in transit, encompassing various forms of digital assets, including documents, databases, and communication channels.

Attacks against Integrity:

1. Data tampering: This involves unauthorized alterations to data, either by modifying its content or changing its structure. Attackers may tamper with financial records, medical information, or other sensitive data to manipulate transactions, conceal evidence, or discredit organisations.

2. Man-in-the-Middle (MitM) Attacks: In MitM attacks, an attacker intercepts communication between two parties and alters the data exchanged between them. By impersonating legitimate parties or tampering with transmitted data, attackers can manipulate messages, inject malicious code, or modify transactions without detection.

3. SQL Injection: SQL injection attacks target web applications by exploiting vulnerabilities in input fields to execute malicious SQL queries. Attackers can manipulate database queries to insert, modify, or delete data, potentially compromising the integrity of databases and exposing sensitive information.

4. File Integrity Attacks: Attackers may attempt to compromise the integrity of files by modifying their content or attributes. This can involve replacing legitimate files with malicious ones, altering file permissions, or injecting malicious code into executable files, compromising the integrity of software systems.

5. DNS Spoofing: In DNS spoofing attacks, attackers manipulate Domain Name System (DNS) resolution to redirect users to malicious websites or servers. By modifying DNS records or impersonating legitimate DNS servers, attackers can redirect traffic to fraudulent sites, compromising the integrity of online communication and transactions.

6. Malware Attacks: Malicious software, such as viruses, worms, and Trojans, can compromise the integrity of systems and data by modifying, deleting, or corrupting files and system configurations. Malware may alter critical system files, inject malicious code into executables, or encrypt files for ransom, causing data loss or system malfunction.
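The data-tampering and file-integrity attacks above are detected with the same two building blocks: a baseline of file hashes that a later snapshot is compared against, and a keyed MAC over data in transit so that a party who can rewrite the data cannot also forge the check value. The following Python is an added example, not code from the original post; the file contents, the transfer record and the key are all constructed for the demonstration.

```python
"""Added example (not from the original post): two defender-side integrity checks.

  * file integrity monitoring: hash a baseline snapshot, hash a later snapshot,
    report modified / added / removed paths;
  * a keyed MAC (HMAC-SHA256) over a record in transit, which detects tampering
    even when the tamperer can recompute a plain hash.
All files, records and keys below are constructed for the demonstration.
"""
import hashlib
import hmac
import secrets


def hash_files(files: dict[str, bytes]) -> dict[str, str]:
    """Return {path: sha256 hex digest} for an in-memory file set."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def compare_baseline(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Classify every path as modified, added or removed relative to the baseline."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def plain_hash_check(message: bytes, digest: str) -> bool:
    """Unkeyed check: anyone who alters `message` can also recompute `digest`."""
    return hashlib.sha256(message).hexdigest() == digest


def mac_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 tag; only a holder of `key` can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, message: bytes, tag: str) -> bool:
    """Constant-time comparison so timing does not reveal how many bytes matched."""
    return hmac.compare_digest(mac_tag(key, message), tag)


def demo() -> dict:
    # Constructed baseline snapshot of a host (paths and contents are made up).
    baseline_files = {
        "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
        "/usr/local/bin/backup.sh": b"#!/bin/sh\ntar czf /srv/backup.tgz /srv/data\n",
        "/etc/resolv.conf": b"nameserver 192.0.2.53\n",
    }
    # Later snapshot: the backup script was edited, one file vanished, one appeared.
    current_files = {
        "/etc/passwd": baseline_files["/etc/passwd"],
        "/usr/local/bin/backup.sh": b"#!/bin/sh\ntar czf /tmp/backup.tgz /srv/data\n",
        "/etc/hosts.new": b"198.51.100.20 intranet\n",
    }
    file_diff = compare_baseline(hash_files(baseline_files), hash_files(current_files))

    # Constructed transfer record protected by a key shared by sender and verifier.
    key = secrets.token_bytes(32)
    record = b'{"from":"ACC-1001","to":"ACC-2002","amount":"100.00"}'
    tag = mac_tag(key, record)
    tampered = record.replace(b"100.00", b"9100.00")

    # With a plain hash the tamperer just recomputes it and the receiver's check passes.
    recomputed = hashlib.sha256(tampered).hexdigest()
    plain_hash_fooled = plain_hash_check(tampered, recomputed)

    return {
        "file_diff": file_diff,
        "genuine_record_ok": verify_mac(key, record, tag),
        "tampered_record_ok": verify_mac(key, tampered, tag),
        "plain_hash_fooled": plain_hash_fooled,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The baseline comparison is the logic behind file integrity monitoring tools; the HMAC section shows why a bare hash sent alongside the data is not an integrity control against an active adversary, while a keyed tag is.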

Remember, too much integrity will lead to a loss in availability.

Availability

As per NIST, "Availability states that data, systems, and resources are consistently accessible and usable by authorized entities when needed. It emphasizes the importance of ensuring that information and resources are available for use whenever required, without undue delay or disruption."

Availability ensures that users have timely and uninterrupted access to information and resources, enabling them to perform their tasks efficiently and effectively. This includes factors such as system uptime, reliability, resilience against failures or attacks, and measures to mitigate downtime or outages.

Attacks against Availability: mainly DoS and DDoS, which take the following forms.

1. Flooding Attacks: In these attacks, the attacker overwhelms the target system with a high volume of traffic, such as TCP SYN flood attacks, UDP flood attacks, or ICMP flood attacks.

2. Protocol Exploitation: Attackers may exploit vulnerabilities in network protocols or applications to cause service disruptions. For example, attackers might exploit weaknesses in the HTTP protocol to exhaust server resources or exploit vulnerabilities in DNS servers to disrupt DNS resolution services.

3. Botnet Attacks: In DDoS attacks, attackers may control a network of compromised devices (botnet) to launch coordinated attacks against a target. By leveraging the combined bandwidth and resources of numerous compromised devices, attackers can amplify the impact of their attacks and make mitigation more challenging.
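One standard mitigation for flooding is per-client rate limiting, which lets a legitimate client keep its normal access while a client sending far more than its share is throttled. The following Python is an added example, not code from the original post: a token-bucket limiter run over a constructed request log in which one client sends a request per second and another sends a hundred within a single second.

```python
"""Added example (not from the original post): token-bucket rate limiting per client,
run over a constructed request log. Timestamps are seconds; client labels are made up.
"""
from collections import defaultdict


class TokenBucket:
    """A client may burst up to `capacity` requests, then gains `refill_rate` tokens/second."""

    def __init__(self, capacity: float, refill_rate: float):
        self.capacity = capacity
        self.refill_rate = refill_rate
        self.tokens = capacity
        self.last = None

    def allow(self, now: float) -> bool:
        """Refill according to elapsed time, then spend one token if one is available."""
        if self.last is not None:
            self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.refill_rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def parse_line(line: str) -> tuple[float, str]:
    """Constructed log format: '<epoch seconds> <client> <method> <path>'."""
    ts, client, _method, _path = line.split()
    return float(ts), client


def apply_rate_limit(lines, capacity: float = 5, refill_rate: float = 1.0) -> dict:
    """Return {client: {"allowed": n, "rejected": n}} after replaying the log in time order."""
    buckets = defaultdict(lambda: TokenBucket(capacity, refill_rate))
    stats = defaultdict(lambda: {"allowed": 0, "rejected": 0})
    for ts, client in sorted(parse_line(line) for line in lines):
        verdict = "allowed" if buckets[client].allow(ts) else "rejected"
        stats[client][verdict] += 1
    return dict(stats)


# Constructed log: a normal client at one request per second, and a flooder
# that sends 100 requests between t=5.00 and t=5.99.
REQUEST_LOG = [f"{t}.000 normal-client GET /status" for t in range(10)] + [
    f"{5.0 + i / 100:.3f} flooder GET /status" for i in range(100)
]


if __name__ == "__main__":
    for client, counts in apply_rate_limit(REQUEST_LOG).items():
        print(client, counts)
```

With a burst capacity of 5 and a refill of 1 token per second, the normal client is never rejected, while the flooder gets its first 5 requests through and the remaining 95 are refused, which is exactly the isolation a limiter is meant to give: the attacker's traffic, not everyone's availability, is what gets cut.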

Remember, too much availability will reduce confidentiality and integrity.