Understanding the CIA Triad in Cybersecurity

Cybersecurity revolves around the CIA triad: Confidentiality, Integrity, and Availability. These three goals apply in every organization at some level, regardless of its size or industry.

Keeping a formula secret to protect intellectual property, safeguarding sensitive employee data to maintain trust and compliance with regulations, and ensuring that customers can access the company’s website without interruptions are all essential aspects of this triad.

This is also important for the CompTIA Security Plus certification. Let’s discuss each of these pillars in the triad.

Confidentiality

Confidentiality refers to the practice of keeping sensitive information private and secure, ensuring that it is only accessible to authorized individuals. In today’s digital age, where information can be easily shared and disseminated, the importance of confidentiality has become even more pronounced.

Organizations must implement robust policies and technological safeguards to protect confidential information and train their employees on best practices for data privacy.

A common security measure that enhances sensitive data confidentiality is encryption. Encryption transforms information into an unreadable format, making it accessible only to authorized users who possess the necessary decryption keys.

You can refer to my previous post where I teach you a method to encrypt your data with OpenSSL.

Integrity

Integrity is a fundamental principle that ensures the accuracy and reliability of data from its creation to its destruction. It involves protecting data from unauthorized alterations and ensuring that information remains uncorrupted and intact.

This can be achieved through various methods, such as implementing strong authentication measures, employing cryptographic techniques, and maintaining robust access controls.

By safeguarding the integrity of data, organizations can build trust with their stakeholders, protect sensitive information, and mitigate the risks associated with data breaches and cyberattacks.

Soon, I will explain how to verify the integrity of a downloaded file.

Availability

Availability is a critical component that ensures systems, applications, and data are accessible to authorized users whenever they are needed.

This aspect of the triad plays a vital role in maintaining operational efficiency and user satisfaction, as any downtime can lead to significant disruptions.

Organizations must implement robust redundancy measures, effective load balancing, and regular maintenance schedules to guarantee that their services remain available even in the face of unexpected failures or high traffic.

Perform a Checksum Validation

Generally, software downloads from the internet come with a checksum.

When you download a new Operating System (OS) like Kali or Windows 11, it typically includes a checksum that allows you to verify the file’s integrity, ensuring that it has not been tampered with or corrupted during the download process.

This verification step is essential as it helps protect users from potential malware infections that could arise from compromised software.

If you navigate to kali.org, you will see that all of their downloads come with a precomputed checksum like the one in the picture above. Let me walk you through the process of comparing these hashes.

On Mac/Linux:

  1. Download the desired ISO file.
  2. Open up Terminal.
  3. Navigate to the file’s location.
  4. Run this command:
    • For SHA256: shasum -a 256 [filename]

      Note: instead of navigating to the file’s location, you can type the file path in place of the file name, as the next example shows.
    • For MD5 using file path instead: md5sum [filepath]

  5. Compare the checksums.

On Windows:

  1. Download the desired ISO file.
  2. Open up CMD.
  3. Navigate to the file’s location.
  4. Run this command:
    • For SHA256: certutil -hashfile [filename] SHA256

      Note: instead of navigating to the file’s location, you can type the file path in place of the file name, as the next example shows.
    • For MD5 using file path instead: certutil -hashfile [filepath] MD5

  5. Compare the checksums.

Remember that by comparing the checksum provided by the developers with the calculated checksum of your downloaded file, you can confidently proceed with the installation, knowing you are working with an authentic and unaltered version.

If you wish to learn more about the CIA triad you can visit this website. I hope you enjoyed reading today’s post. If you found it useful, feel free to share this with your friends.

