Security Is A PAIN

Labels: , , , , , Posted by Saquib Baqai
Monday, October 26, 2009
In my previous post i mentioned "Security is A PAIN" and i mentioned that i would cover it in a future post. Well i will try to explain it to you. The statement should be read as "Security is A.P.A.I.N" and it stands for,

A : Authentication
P : Privacy
A : Authorization
I : Integrity
N : Non Repudiation

Authentication

Authentication means to authenticate a person or to proove someones identity. We need to be sure that the person is who he claims to be. In our daily life we use our ID Card or Driving License for purpose of Authentication or "Proof Of Identity". Authentication places an important role for Authorization

Privacy

Privacy means that conversation or content exchanged among two or more parties should remain confedential. When it comes to electronic medium this is normally achieved by encryption.

Authorization

Authorization is the access level a person has, It is based on the Authentication performed e.g. a person claims to be Mr.X whose designation is Manager and based on his proper authentication he is granted his rights. Mr Y another person can be in the very same department at lower designation and would be gratned a lower acecss level / rights to information based on the authentication.

Integrity

In simple language Integrity means that the content of a message/conversation/document should remain intact and no unauthorized changes are being made. That means if the CEO of the company dispatches an email sayinig "1000 $ bonus to everyone" it shoud reach down the hierchy as 1000 $ not 100 or 10 or 10,000. I hope i am gettiing my poin clear here? If not do feel free to message me!

Non Repudiation

Non Repudiation means something which could be proved in the court of law and cannot be denied, In terms of electronic channels it mostly means that a person cannot deny that he/she send an email, alter/created a document etc.

The above were the five pillars of security which needs to be achieved in order to get "Security", but at the end of the day there is no such thing as "Fully Secured".
at 10:06 PM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)