TC2027

The pillars of information security

If we intend to make a secure system, we might want to take a look at the CIA model of security. What? The CIA? I don't want any trouble with the US government. Well, not that type of CIA; I'm talking about the acronym for the three key principles that provide the "security" in the phrase information security.

(I'll illustrate some of these concepts through PHP, a server-side programming language where security is serious business, mainly because I'm currently learning it and it will help me "study"; and hey, I warn you, it's very basic PHP, so don't ).

Give me a C of… Confidentiality

Basically, protecting information from people who are not supposed to see it (well, isn't it obvious?). Attacks on confidentiality are the most common kind, and when one succeeds it is called a breach. Encryption methods can come to the rescue, though 🙂

In PHP there are several "superglobals" that cannot be trusted when building a serious web application; some of them are $_GET, $_POST and $_REQUEST, among others. These variables are accessible from any scope and hold whatever the client sent, so avoid using them directly.

Also, don’t ever use POST for sensitive information.

Integrity!

Ensuring that data cannot be altered by someone who is not supposed to change it. Some attacks intercept messages and alter them before they reach the recipient.

Another tip for preventing session hijacking in PHP is to tie the session to the client's IP address, which you can read with getenv("REMOTE_ADDR").
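As an added example (not code from the original post), here is one way to apply that tip: the session is bound to the client IP on its first request and the binding is checked on every later one. It assumes a PHP web SAPI where the web server sets REMOTE_ADDR, and PHP 7.3 or later for the array form of session_set_cookie_params.

```php
<?php
// Added example, not from the original post: bind a PHP session to the
// client IP address and verify the binding on each request.
// Assumes a web SAPI that exposes REMOTE_ADDR (Apache, nginx+FPM, ...).

declare(strict_types=1);

function currentClientIp(): string
{
    // getenv("REMOTE_ADDR") is what the post mentions; it returns false when unset.
    $ip = getenv('REMOTE_ADDR');
    return $ip === false ? '' : $ip;
}

function startBoundSession(): void
{
    // Accept the session ID only from a cookie (never from the URL), and make
    // the cookie harder to steal from a browser or to send cross-site.
    ini_set('session.use_only_cookies', '1');
    session_set_cookie_params(['httponly' => true, 'samesite' => 'Strict']);
    session_start();

    $ip = currentClientIp();

    if (!isset($_SESSION['bound_ip'])) {
        // First request of this session: rotate the ID so an ID planted by an
        // attacker (session fixation) is discarded, then record the client IP.
        session_regenerate_id(true);
        $_SESSION['bound_ip'] = $ip;
        return;
    }

    if (!hash_equals($_SESSION['bound_ip'], $ip)) {
        // The stored IP no longer matches: treat the session as hijacked,
        // discard it and require a fresh login.
        $_SESSION = [];
        session_destroy();
        http_response_code(403);
        exit('Session no longer valid; please log in again.');
    }
}

startBoundSession();
```

Caveat: users behind NAT share one address and mobile users change addresses mid-session, so an IP binding also logs out legitimate users; it is a hardening measure on top of cookie flags and ID regeneration, not a replacement for them.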

Availability

Information must be accessible or visible to the ones meant to see it (previously authorized users).

A way to ensure this through PHP is via two-way encryption (login and files). I don't really know how to do that, so that's all I am saying 🙂
