Security+ Training Online | Cyber-security Goals (2 of 3)

integrity Jan 08, 2018
 

Yo! What's up again!

So, check it out: in our previous training we talked about data confidentiality which is the "C" in the CIA acronym.  If you missed that one, you definitely need to jump in because it's pretty foundational stuff and you really need to understand it if you want to nail the CompTIA Security+ exam.

We were talking about cyber security goals and were trying to answer the question:

What is the goal of information security?

So here's the thing: not only do almost all businesses and organizations today need to make sure private data stays private but it's also important to make sure that data doesn't change.

In other words: can we have confidence that the data is trustworthy? Can we rely on it? How do we know for sure it hasn't been tampered with?

Detecting Data Differences with Hashes

The goal of integrity is to make sure only authorized people can modify the data; however, if it gets changed either intentionally by the good guys or maliciously by the bad guys (or even corrupted because of a network glitch) we need some way to detect that.

In the lab at the bottom of this post I walk you through how to detect file changes using some wicked Windows PowerShell tricks, but for now we need to talk about three core concepts related to data integrity:

  • File Hashes
  • Digital Signatures
  • Non-Repudiation

Let's look at File Hashes first.

So... the first thought that enters my mind when I hear the phrase "File Hashes" is those crunchy, warm, oval hash browns from McDonald's...

mmmm....

And the second thought that hits me is MD5 lol. 

So file hashing simply refers to feeding data through a hashing algorithm which transforms it into a bunch of random looking numbers and letters known as a hash.  This is also sometimes called a message digest which is, by the way, where we get the term MD5 hash - the "MD" stands for Message Digest.

Now there are tons of hashes out there such as the Secure Hash Algorithm 256 (SHA256) or Hash Based Message Authentication Code (HMAC), which mixes a secret key into the hash, but the basic premise is the same:

You take some data of variable length, feed it as input into a hashing function and you get a digest as output.  The real point here is if the data changes, even in the smallest possible way, the hash changes too.

Simple enough right?

So you can hash some data at its source location and then again at the destination and compare the two digests.  If the hashes are different you know the data you have isn't what you hoped it would be.  Maybe it was corrupted during a file transfer or perhaps an evil attacker intercepted it, implanted a backdoor and then re-injected it into the network stream...

hmm.. are you starting to see why hashing is good?

Or imagine this: let's say I wanted to send you an email with a signed contract.  There's a long text agreement in the email attachment that stipulates that I agree to pay you $5,000 for setting up my home office with internet connectivity.  Last week we met over dinner and agreed to the terms.

So I scanned the contract with my printer, ran it through a SHA256 hash algorithm and then emailed you the document along with the SHA256 message digest (remember that's just a long random looking number).

Alright, so a few days later, you pop open your inbox, open the email and download the contract.  Then you submit the attachment through a SHA256 hash algorithm on your computer and you get a long random looking number that is exactly the same as the long random number I sent you.

You now know the message hasn't changed.  The contract is exactly what you expected and agreed to so all is well.  You know this because if the file were altered the hash would be completely different.

So the key thing to remember here is that data integrity gives you confidence that the data hasn't been tampered with, corrupted or modified in any way - in other words: it validates the integrity or wholeness of the data.
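Here is the hash-then-compare idea as a small file-change check. This is an added example, not part of the original post or its lab; the folder name, file contents and the functions `Get-HashBaseline` and `Compare-HashBaseline` are made up for illustration, and only `Get-FileHash` and the other built-in cmdlets are real.

```powershell
# Constructed sample data: a throwaway folder standing in for the files you care about.
$dir = Join-Path ([System.IO.Path]::GetTempPath()) 'integrity-demo'
if (Test-Path -LiteralPath $dir) { Remove-Item -LiteralPath $dir -Recurse -Force }
New-Item -ItemType Directory -Path $dir | Out-Null
Set-Content -LiteralPath (Join-Path $dir 'contract.txt') -Value 'I agree to pay $5,000 for the home office setup.'
Set-Content -LiteralPath (Join-Path $dir 'notes.txt') -Value 'Terms agreed over dinner.'

function Get-HashBaseline {
    # Hypothetical helper: map every file name in the folder to its SHA-256 digest.
    param([string]$Path)
    $baseline = @{}
    foreach ($file in Get-ChildItem -LiteralPath $Path -File) {
        $baseline[$file.Name] = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    }
    return $baseline
}

function Compare-HashBaseline {
    # Hypothetical helper: report what changed between two baselines.
    param([hashtable]$Before, [hashtable]$After)
    foreach ($name in (@($Before.Keys) + @($After.Keys) | Sort-Object -Unique)) {
        if (-not $After.ContainsKey($name)) { $status = 'Removed' }
        elseif (-not $Before.ContainsKey($name)) { $status = 'Added' }
        elseif ($Before[$name] -ne $After[$name]) { $status = 'Modified' }
        else { $status = 'Unchanged' }
        [pscustomobject]@{ File = $name; Status = $status; Sha256 = $After[$name] }
    }
}

# Baseline taken while the files are known to be good.
$before = Get-HashBaseline -Path $dir

# Simulated change: one character of the amount differs, and a new file shows up.
Set-Content -LiteralPath (Join-Path $dir 'contract.txt') -Value 'I agree to pay $6,000 for the home office setup.'
Set-Content -LiteralPath (Join-Path $dir 'extra.txt') -Value 'not in the baseline'

$after = Get-HashBaseline -Path $dir
Compare-HashBaseline -Before $before -After $after | Format-Table -AutoSize

Remove-Item -LiteralPath $dir -Recurse -Force
```

The comparison is only as trustworthy as the baseline, so keep the baseline digests somewhere the files' editors cannot also write to.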

Signatures: Old School vs New School

Digital signatures are another excellent way to guarantee data integrity.  

Think about your real signature for a moment.  What's the point of a signature?  Why do you sign things?

Isn't it there to protect against forgery?

I mean, to go back to our little contract analogy: if you sign a contract but I hate the terms and later try to change them behind your back I'll need to find a way to forge your signature.  And although some people can do this, it takes a lot of effort and in most cases it can be hard to pull off undetected.

So when we talk about digital signatures with, for example, an email message, I can digitally sign it before sending it to you so that when you get the message you'll know that the email message wasn't modified, tampered with or corrupted. 

How would you know that? Because it's very difficult for someone to forge digital signatures.

Digital signatures actually provide three things:

  • Integrity
  • Authentication
  • Non-Repudiation

You get integrity because you'll have reasonable assurance that the message hasn't been changed.

You get authentication because only I can generate my unique digital signature, so you'll know the message really came from me and not an attacker trying to phish your credentials.

You also get non-repudiation.  This is just a fancy Security+ word that means, "I can't deny it".  I can't repudiate, or deny sending you the message that is signed with my digital signature because the only way the message could be signed like that is if it actually did come from me.

Now in order for all this to work we need to use something known as Public Key Infrastructure (PKI) which is based on certificates (basically encryption keys) - we'll dive into that later but I just wanted you to get a broad understanding of this stuff before we go deep.
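To see integrity and authentication from a signature in practice, here is an added example (not from the original post or its lab) that signs the contract text with an RSA key pair and verifies it with the public key only. It assumes Windows and PowerShell 5 or later for the .NET `RSACng` class; the key pair stands in for the one behind a PKI certificate, and `Test-MessageSignature`, the variable names and the message text are made up for illustration.

```powershell
$sha256 = [System.Security.Cryptography.HashAlgorithmName]::SHA256
$pkcs1  = [System.Security.Cryptography.RSASignaturePadding]::Pkcs1

function Test-MessageSignature {
    # Hypothetical helper. Verifier side: needs only the author's PUBLIC key.
    param(
        [byte[]]$Data,
        [byte[]]$Signature,
        [System.Security.Cryptography.RSAParameters]$PublicKey
    )
    $rsa = [System.Security.Cryptography.RSACng]::new()
    try {
        $rsa.ImportParameters($PublicKey)
        return $rsa.VerifyData($Data, $Signature, $sha256, $pkcs1)
    }
    finally { $rsa.Dispose() }
}

# Author side: the private key stays in this object; only the public half is shared.
$authorKey    = [System.Security.Cryptography.RSACng]::new(2048)
$authorPublic = $authorKey.ExportParameters($false)

# Constructed sample message, echoing the contract story above.
$contract  = [System.Text.Encoding]::UTF8.GetBytes('I agree to pay $5,000 for the home office setup.')
$signature = $authorKey.SignData($contract, $sha256, $pkcs1)

# Constructed tampering case: the text is altered and re-signed with a different key.
$altered  = [System.Text.Encoding]::UTF8.GetBytes('I agree to pay $50 for the home office setup.')
$otherKey = [System.Security.Cryptography.RSACng]::new(2048)
$otherSig = $otherKey.SignData($altered, $sha256, $pkcs1)

$results = @(
    [pscustomobject]@{ Case  = 'original text, author signature'
                       Valid = (Test-MessageSignature $contract $signature $authorPublic) }
    [pscustomobject]@{ Case  = 'altered text, author signature'
                       Valid = (Test-MessageSignature $altered $signature $authorPublic) }
    [pscustomobject]@{ Case  = 'altered text, signature from another key'
                       Valid = (Test-MessageSignature $altered $otherSig $authorPublic) }
)
$results | Format-Table -AutoSize

$authorKey.Dispose()
$otherKey.Dispose()
```

Only the first case verifies. Unlike a plain digest sent next to the file, the signature cannot be recomputed by someone who changes the text, because they do not hold the author's private key.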

Tomorrow we'll round out the CIA triad with Availability.  So make sure you're available to read it...

Okay that was a bad joke... did you get it?  But seriously! You should be around to read it!

By the way, as I mentioned in the beginning, if you want to go deeper with this stuff and actually get some hands on experience then you need to join my email list.  I'll send you the lab that complements the material we discussed in this tutorial.  It's one thing to know what something is and it's quite another to actually do it on your own.  In the lab, we'll be using Windows PowerShell to do some pretty slick hashing so you don't want to miss it.  And don't worry if you've never used PowerShell or don't know what it is, I'll walk you through the basics step-by-step.

Next week we're going into the last part of this mini-series: Availability so make sure you're ready for that.

Peace.
