Tutorial 02 – Security in Computing (Security Triad and AAA Services)
Question 01. Simply write down the three critical components, which must be there to maintain the
information security of assets in an enterprise.
Ans: The three critical components which maintain the information security of assets in an
enterprise are:
Confidentiality
Confidentiality means giving access only to authorized users. It does not allow
unauthorized access and protects the information from destruction and attack.
Confidentiality helps to protect information and provides security to the
organization. It allows access only to authorized users. It is important for
implementing information security measures, and it helps to set the fundamental
goals for an organization. It protects the information from unauthorized access.
Example: confidentiality is maintained for a biometric system if authorized students
are able to record attendance on it, while unauthorized students are blocked from
doing so. So, confidentiality helps to control access and protects against unknown
students.
Integrity
Integrity means that data or information which has been used cannot be changed or
modified. Data is transferred without change. Integrity of information helps to expose
damage, destruction and corruption. When an attacker breaks into a corporate
database and deletes data, it is termed an attack against integrity.
Example: unauthorized access and use make it possible to change information. So,
integrity is used to monitor and control the transmission of information and authorized
access.
Availability
Availability means that data or information is available when needed and is
accessible to the user without any obstruction. Availability of a system or device helps
authorized users to access it at any time. It is the term for the availability of the
necessary data, and of the components which store and process the data, in order to
protect the security system. When the components of information are working
effectively, it is easy to maintain availability in an organization. Example: availability
of the biometric system helps authorized students to record their attendance at any time.
Question 02. Write short notes on (do provide relevant examples):
• Confidentiality
Confidentiality means giving access only to authorized users. It does not allow
unauthorized access and protects the information from destruction and attack.
Confidentiality helps to protect information and provides security to the
organization. It allows access only to authorized users. It is important for
implementing information security measures, and it helps to set the fundamental
goals for an organization. It protects the information from unauthorized access.
Example: confidentiality is maintained for a biometric system if authorized students
are able to record attendance on it, while unauthorized students are blocked from
doing so. So, confidentiality helps to control access and protects against unknown
students.
• Integrity
Integrity means that data or information which has been used cannot be changed or
modified. Data is transferred without change. Integrity of information helps to expose
damage, destruction and corruption. When an attacker breaks into a corporate
database and deletes data, it is termed an attack against integrity.
Example: unauthorized access and use make it possible to change information. So,
integrity is used to monitor and control the transmission of information and authorized
access.
• Availability
Availability means that data or information is available when needed and is
accessible to the user without any obstruction. Availability of a system or device helps
authorized users to access it at any time. It is the term for the availability of the
necessary data, and of the components which store and process the data, in order to
protect the security system. When the components of information are working
effectively, it is easy to maintain availability in an organization. Example: availability
of the biometric system helps authorized students to record their attendance at any time.
Question 03. Describe the role of access control in securing confidential data within an
organization.
Ans: The roles of access control in securing confidential data within an
organization are:
I. Encryption of data, password
II. Strong password
III. Does not allow access user
IV. Ensure security in technology
V. Implementation of access control policies
VI. Ensure access only to verified individuals
VII. Authentication and authorization are key factors for access control in securing
confidential data.
Question 04. In your own words, describe the following access control mechanisms:
• Identification
Identification means recognizing individual users and providing access to an
individual. If the system cannot identify him/her, it will not provide access. It is
one of the most important processes of giving proof about the user.
• Authentication
Authentication means providing proof of his or her identification in order to access
the system. It is all about verifying that an individual is who he/she claims to be. If
the system does not verify an individual, it involves the identification process. This
process prevents the system from the authorized access.
• Authorization
Authorization means how much of the system a user can access, and whether the user
can update, delete or change the contents of the information asset. It is the next
process of determination. After access, it allows the user to use, modify or change
some types of assets or resources.
• Accountability
Accountability means maintaining a record of the users who access the system. It
maintains the standard of an organization. It helps to maintain all the records of access, run
including time.
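The four mechanisms above can be seen as one decision path. The following is an added example, not part of the original tutorial; the user store, role table and action names are constructed for illustration, reusing the attendance scenario from Question 01.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

def _derive(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so stored credentials are not the passwords themselves.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data (hypothetical users, roles and actions).
_SALT = os.urandom(16)
USERS = {"student01": {"salt": _SALT,
                       "hash": _derive("constructed-pass", _SALT),
                       "role": "student"}}
PERMISSIONS = {"student": {"mark_attendance"},
               "teacher": {"mark_attendance", "edit_record"}}
AUDIT_LOG = []  # accountability: every decision is recorded, including denials

def request_access(user_id: str, password: str, action: str) -> str:
    record = USERS.get(user_id)                         # identification
    if record is None:
        result = "unknown-identity"
    elif not hmac.compare_digest(                       # authentication
            _derive(password, record["salt"]), record["hash"]):
        result = "authentication-failed"
    elif action not in PERMISSIONS[record["role"]]:     # authorization
        result = "not-authorized"
    else:
        result = "granted"
    # accountability: who, what, outcome and when
    AUDIT_LOG.append((datetime.now(timezone.utc).isoformat(),
                      user_id, action, result))
    return result
```

Each stage is only reached if the previous one succeeded, and the audit entry is written on every path so denied attempts are recorded as well as granted ones.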
Question 05. Elaborate the two protocols which can be used to implement AAA services within an
enterprise’s computer network infrastructure.
Ans: The two protocols which can be used to implement AAA services within an
enterprise’s computer network infrastructure are:
RADIUS
RADIUS is used as a protocol on a host device while configuring AAA (Authentication,
Authorization, Accounting) on a device. UDP is used as the transport layer protocol. It
encrypts passwords only. The port numbers used for authentication are 1812/1645. It
does not have any command logging feature and it is an open standard.
TACACS+
TACACS+ is also used as a protocol on a host device while configuring AAA
(Authentication, Authorization, Accounting) on a Cisco router. TCP is used as the
transport layer protocol. It is used for the encryption of both username and password.
The port used for the transport layer protocol is 49. It has full command logging
features and belongs to Cisco.
Best of Luck