Security of information systems

Security is a key aspect of any information system. The question is not "Will I suffer an attack?" but "When will I suffer an attack?". This means that there is no information system that does not need security measures.

There are a number of fundamental security properties that any system must take into consideration in order to protect information and users' privacy. These properties can be summarized as follows:

  • Confidentiality - do not allow unauthorized parties to access information.
  • Integrity - ensure that information is not changed.
  • Authentication - the ability to identify who is accessing the system in order to authorize, or refuse, the access.
  • Non-repudiation - ensure that whoever performs a certain action cannot deny responsibility for that action.

To ensure confidentiality, ciphers (encryption algorithms) are used. Integrity is provided by hash functions or by HMAC (Keyed-Hash Message Authentication Code) algorithms. Authentication can be performed, for example, through digital certificates, biometric techniques, etc. For non-repudiation, digital signature mechanisms are applied.
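The integrity and non-repudiation mechanisms named above behave differently once someone on the channel modifies a message on purpose. The following Python sketch is an added example, not code from the original post; the message, the key and all function names are constructed for illustration. It goes slightly beyond the text by separating accidental corruption from deliberate modification.

```python
import hashlib
import hmac
import secrets

def tag_with_hash(message):
    """Unkeyed integrity tag: anyone who sees the message can recompute it."""
    return hashlib.sha256(message).digest()

def tag_with_hmac(key, message):
    """Keyed integrity tag: only holders of the shared key can compute it."""
    return hmac.new(key, message, hashlib.sha256).digest()

def verify_hash(message, tag):
    return hmac.compare_digest(tag_with_hash(message), tag)

def verify_hmac(key, message, tag):
    # compare_digest runs in constant time, so the check leaks no timing hints
    return hmac.compare_digest(tag_with_hmac(key, message), tag)

def modify_in_transit(message):
    """Models a party on the channel who changes the message and replaces the
    tag. Without the key, the only tag they can compute is the unkeyed hash."""
    changed = message.replace(b"100", b"900")
    return changed, tag_with_hash(changed)

def demo():
    key = secrets.token_bytes(32)                    # shared secret (constructed)
    message = b"transfer 100 EUR to account 12345"   # constructed sample
    results = {}

    # Accidental corruption (one byte changed, tag untouched): both detect it.
    corrupted = message[:-1] + b"6"
    results["hash_detects_corruption"] = not verify_hash(corrupted, tag_with_hash(message))
    results["hmac_detects_corruption"] = not verify_hmac(key, corrupted, tag_with_hmac(key, message))

    # Deliberate modification with a recomputed tag: only the HMAC detects it.
    changed, new_tag = modify_in_transit(message)
    results["hash_detects_tampering"] = not verify_hash(changed, new_tag)
    results["hmac_detects_tampering"] = not verify_hmac(key, changed, new_tag)

    # The receiver holds the same key and can produce the sender's tag, so an
    # HMAC cannot prove who wrote the message; that needs a digital signature.
    sender_tag = tag_with_hmac(key, message)
    results["receiver_can_produce_sender_tag"] = verify_hmac(key, message, sender_tag)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```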

Regarding attacks on the security of an information system, the most frequent are listening (eavesdropping), spoofing, denial of service, phishing and hijacking.

In future posts, I will go deeper into all the points mentioned here, since security is a very important issue that concerns not only system administrators but also users.